Implement SslPolicies for TargetHttpsProxy #1019
Conversation
|
Hi @spencerhance. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/assign @rramkumar1 |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
spencerhance
force-pushed
the
implement-feature-ssl-policy
branch
2 times, most recently
from
b6d2046
to
561d69b
Compare
spencerhance
force-pushed
the
implement-feature-ssl-policy
branch
4 times, most recently
from
351064e
to
c5703b8
Compare
k8s-ci-robot
added
size/L
spencerhance
force-pushed
the
implement-feature-ssl-policy
branch
from
c5703b8
to
15cf41a
Compare
|
@rramkumar1 Added a bunch of unit tests, can you take another look? I also refactored the syncing logic so that we sync on target proxy creation and later syncs |
| @@ -97,6 +99,18 @@ func newTestJig(t *testing.T) *testJig { | |||
| tp.SslCertificates = request.SslCertificates | |||
| return nil | |||
| } | |||
| mockGCE.MockTargetHttpsProxies.SetSslPolicyHook = func(ctx context.Context, key *meta.Key, ref *compute.SslPolicyReference, proxies *cloud.MockTargetHttpsProxies) error { | |||
There was a problem hiding this comment.
Is this hook special? Can it be added to k8s_cloud_provider mock.go instead?
If its too much work to re-vendor then I suppose we can have this here but would be good to upstream
There was a problem hiding this comment.
Can I do this in a follow up and add a TODO here? Re-vendoring always takes like a couple days to get all the approvals.
pkg/utils/utils.go
Outdated
| @@ -439,3 +439,8 @@ func IsLegacyL4ILBService(svc *api_v1.Service) bool { | |||
| } | |||
| return false | |||
| } | |||
|
|
|||
| // NewString returns a pointer to the provider string literal | |||
pkg/utils/utils.go
Outdated
| @@ -439,3 +439,8 @@ func IsLegacyL4ILBService(svc *api_v1.Service) bool { | |||
| } | |||
| return false | |||
| } | |||
|
|
|||
| // NewString returns a pointer to the provider string literal | |||
| func NewString(s string) *string { | |||
| desc string | ||
| fc *frontendconfigv1beta1.FrontendConfig | ||
| want *string | ||
| }{ |
There was a problem hiding this comment.
Do you need a case for frontend config with empty string ssl policy?
| want: "global/sslPolicies/test-policy", | ||
| }, | ||
| { | ||
| desc: "proxy with different ssl policy", |
There was a problem hiding this comment.
Is this a duplicate of the test case below?
| want: "", | ||
| }, | ||
| } | ||
|
|
There was a problem hiding this comment.
You need a case where a proxy has a policy and then the frontend config policy string is nil.
spencerhance
force-pushed
the
implement-feature-ssl-policy
branch
from
15cf41a
to
a0f6af4
Compare
|
Be sure to send a PR for the k8s_cloud_provider change /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rramkumar1, spencerhance The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
This is the main feature PR for SslPolicies
This relies on a few other PRs, but can be reviewed in parallel