Skip to content

Commit 059f180

Browse files
hown3dhown3d
committed
refactor: filters with types
Signed-off-by: Lukas Hoehl <lukas.hoehl@stackit.cloud>
1 parent 963a00b commit 059f180

11 files changed

Lines changed: 359 additions & 216 deletions

go.mod

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ require (
1616
github.com/spf13/cobra v1.10.2
1717
github.com/spf13/pflag v1.0.10
1818
golang.org/x/tools v0.43.0
19+
google.golang.org/protobuf v1.36.11
1920
gopkg.in/yaml.v3 v3.0.1
2021
istio.io/api v1.27.8
2122
istio.io/client-go v1.27.2
@@ -64,11 +65,13 @@ require (
6465
github.com/brunoga/deep v1.3.1 // indirect
6566
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
6667
github.com/cespare/xxhash/v2 v2.3.0 // indirect
68+
github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect
6769
github.com/coreos/go-systemd/v22 v22.7.0 // indirect
6870
github.com/cyphar/filepath-securejoin v0.6.1 // indirect
6971
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
7072
github.com/elliotchance/orderedmap/v3 v3.1.0 // indirect
7173
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
74+
github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
7275
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
7376
github.com/fatih/color v1.18.0 // indirect
7477
github.com/fluent/fluent-operator/v3 v3.7.0 // indirect
@@ -136,6 +139,7 @@ require (
136139
github.com/perses/common v0.30.2 // indirect
137140
github.com/perses/perses v0.53.0 // indirect
138141
github.com/perses/perses-operator v0.3.2 // indirect
142+
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
139143
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
140144
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0 // indirect
141145
github.com/prometheus/alertmanager v0.29.0 // indirect
@@ -202,7 +206,6 @@ require (
202206
google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 // indirect
203207
google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect
204208
google.golang.org/grpc v1.79.3 // indirect
205-
google.golang.org/protobuf v1.36.11 // indirect
206209
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
207210
gopkg.in/inf.v0 v0.9.1 // indirect
208211
gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR
112112
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
113113
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
114114
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
115+
github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w=
116+
github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI=
115117
github.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA=
116118
github.com/coreos/go-systemd/v22 v22.7.0/go.mod h1:xNUYtjHu2EDXbsxz1i41wouACIwT7Ybq9o0BQhMwD0w=
117119
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
@@ -134,7 +136,11 @@ github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT
134136
github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes=
135137
github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
136138
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
139+
github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g=
140+
github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98=
137141
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
142+
github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4=
143+
github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA=
138144
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
139145
github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8=
140146
github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -411,6 +417,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
411417
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
412418
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
413419
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
420+
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
421+
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
414422
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
415423
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
416424
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

pkg/controller/actuator.go

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -276,12 +276,18 @@ func (a *actuator) createSeedResources(
276276
return err
277277
}
278278

279-
vpnEnvoyFilterSpec := envoyfilters.BuildVPNEnvoyFilterSpecForHelmChart(
279+
vpnEnvoyFilterSpec, err := envoyfilters.BuildVPNEnvoyFilterSpecForHelmChart(
280280
cluster, spec.Rule, alwaysAllowedCIDRs, istioLabels,
281281
)
282-
httpProxyEnvoyFilterSpec := envoyfilters.BuildHTTPProxyEnvoyFilterSpecForHelmChart(
282+
if err != nil {
283+
return err
284+
}
285+
httpProxyEnvoyFilterSpec, err := envoyfilters.BuildHTTPProxyEnvoyFilterSpecForHelmChart(
283286
cluster, spec.Rule, alwaysAllowedCIDRs, istioLabels,
284287
)
288+
if err != nil {
289+
return err
290+
}
285291

286292
cfg := map[string]interface{}{
287293
"shootName": cluster.Shoot.Status.TechnicalID,
@@ -298,8 +304,11 @@ func (a *actuator) createSeedResources(
298304
// The `nginx-ingress-controller` Gateway object only exists in g/g@v1.89, (introduced with
299305
// https://github.com/gardener/gardener/pull/9038).
300306
// If it doesn't exist yet, we can't apply ACLs to shoot ingresses.
301-
ingressEnvoyFilterSpec := envoyfilters.BuildIngressEnvoyFilterSpecForHelmChart(
307+
ingressEnvoyFilterSpec, err := envoyfilters.BuildIngressEnvoyFilterSpecForHelmChart(
302308
cluster, spec.Rule, alwaysAllowedCIDRs, defaultLabels)
309+
if err != nil {
310+
return err
311+
}
303312

304313
cfg["ingressEnvoyFilterSpec"] = ingressEnvoyFilterSpec
305314
}

0 commit comments

Comments
 (0)