Fix e2e tests and examples to be compatible w/ latest CRDs (#515)

* Fix e2e tests and examples to be compatible w/ latest CRDs

* Fix empty rule matching behavior

Author: Doyoon Kim

examples/my-hotel-gateway-tls.yaml

@@ -11,10 +11,9 @@ spec:
   - name: https
     protocol: HTTPS
     port: 443
-  - name: tls-with-customer-cert
-    protocol: HTTPS
-    port: 443
     tls:
       mode: Terminate
+      certificateRefs:
+      - name: unused
       options:
-        application-networking.k8s.aws/certificate-arn: arn:aws:acm:us-west-2:<account>:certificate/4555204d-07e1-43f0-a533-d02750f41545
+        application-networking.k8s.aws/certificate-arn: "" # arn:aws:acm:us-west-2:<account>:certificate/<certificate-id>

examples/parking-route-path.yaml

@@ -10,6 +10,7 @@ spec:
   - backendRefs:
     - name: parking-ver1
       kind: Service
+      port: 80
     matches:
     - path:
         type: PathPrefix

examples/second-account-gw1-full-setup.yaml

@@ -62,6 +62,7 @@ spec:
     - backendRefs:
         - name: second-account-gw1-svc
           kind: Service
+          port: 80
       matches:
         - path:
             type: PathPrefix

examples/tls-route-with-own-cert.yaml

@@ -7,7 +7,7 @@ spec:
   - tls-parking.my-test.com
   parentRefs:
   - name: my-hotel
-    sectionName: tls-with-customer-cert
+    sectionName: https
   rules:
   - backendRefs:
     - name: parking-ver3

pkg/aws/services/tagging.go

@@ -17,6 +17,7 @@ const (
 	resourceTypePrefix = "vpc-lattice:"
 
 	ResourceTypeTargetGroup ResourceType = resourceTypePrefix + "targetgroup"
+	ResourceTypeService     ResourceType = resourceTypePrefix + "service"
 
 	// https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html#API_GetResources_RequestSyntax
 	maxArnsPerGetResourcesApi = 100

pkg/gateway/model_build_rule.go

@@ -61,6 +61,13 @@ func (t *latticeServiceModelBuildTask) buildRules(ctx context.Context, stackList
 			if err := t.updateRuleSpecWithHeaderMatches(match, &ruleSpec); err != nil {
 				return err
 			}
+		} else {
+			// Match every traffic on no matches
+			ruleSpec.PathMatchValue = "/"
+			ruleSpec.PathMatchPrefix = true
+			if _, ok := rule.(*core.GRPCRouteRule); ok {
+				ruleSpec.Method = string(gwv1.HTTPMethodPost)
+			}
 		}
 
 		ruleTgList, err := t.getTargetGroupsForRuleAction(ctx, rule)

pkg/gateway/model_build_rule_test.go

@@ -153,6 +153,8 @@ func Test_RuleModelBuild(t *testing.T) {
 			expectedSpec: []model.RuleSpec{ // note priority is only calculated at synthesis b/c it requires access to existing rules
 				{
 					StackListenerId: "listener-id",
+					PathMatchPrefix: true,
+					PathMatchValue:  "/",
 					Action: model.RuleAction{
 						TargetGroups: []*model.RuleTargetGroup{
 							{
@@ -195,6 +197,8 @@ func Test_RuleModelBuild(t *testing.T) {
 			expectedSpec: []model.RuleSpec{
 				{
 					StackListenerId: "listener-id",
+					PathMatchPrefix: true,
+					PathMatchValue:  "/",
 					Action: model.RuleAction{
 						TargetGroups: []*model.RuleTargetGroup{
 							{
@@ -243,6 +247,8 @@ func Test_RuleModelBuild(t *testing.T) {
 			expectedSpec: []model.RuleSpec{
 				{
 					StackListenerId: "listener-id",
+					PathMatchPrefix: true,
+					PathMatchValue:  "/",
 					Action: model.RuleAction{
 						TargetGroups: []*model.RuleTargetGroup{
 							{
@@ -564,6 +570,9 @@ func Test_RuleModelBuild(t *testing.T) {
 			expectedSpec: []model.RuleSpec{
 				{
 					StackListenerId: "listener-id",
+					Method:          string(httpPost),
+					PathMatchPrefix: true,
+					PathMatchValue:  "/",
 					Action: model.RuleAction{
 						TargetGroups: []*model.RuleTargetGroup{
 							{
@@ -1407,6 +1416,8 @@ func Test_RuleModelBuild(t *testing.T) {
 			expectedSpec: []model.RuleSpec{
 				{
 					StackListenerId: "listener-id",
+					PathMatchPrefix: true,
+					PathMatchValue:  "/",
 					Action: model.RuleAction{
 						TargetGroups: []*model.RuleTargetGroup{
 							{
@@ -1453,6 +1464,8 @@ func Test_RuleModelBuild(t *testing.T) {
 			expectedSpec: []model.RuleSpec{
 				{
 					StackListenerId: "listener-id",
+					PathMatchPrefix: true,
+					PathMatchValue:  "/",
 					Action: model.RuleAction{
 						TargetGroups: []*model.RuleTargetGroup{
 							{

test/pkg/test/framework.go

@@ -107,6 +107,7 @@ type Framework struct {
 	controllerRuntimeConfig *rest.Config
 	Log                     gwlog.Logger
 	LatticeClient           services.Lattice
+	TaggingClient           services.Tagging
 	Ec2Client               *ec2.EC2
 	GrpcurlRunner           *corev1.Pod
 	DefaultTags             services.Tags
@@ -123,10 +124,12 @@ func NewFramework(ctx context.Context, log gwlog.Logger, testNamespace string) *
 		Region:      config.Region,
 		ClusterName: config.ClusterName,
 	}
+	sess := session.Must(session.NewSession())
 	framework := &Framework{
 		Client:                  lo.Must(client.New(controllerRuntimeConfig, client.Options{Scheme: testScheme})),
-		LatticeClient:           services.NewDefaultLattice(session.Must(session.NewSession()), config.Region), // region is currently hardcoded
-		Ec2Client:               ec2.New(session.Must(session.NewSession(&aws.Config{Region: aws.String(config.Region)}))),
+		LatticeClient:           services.NewDefaultLattice(sess, config.Region),
+		TaggingClient:           services.NewDefaultTagging(sess, config.Region),
+		Ec2Client:               ec2.New(sess, &aws.Config{Region: aws.String(config.Region)}),
 		GrpcurlRunner:           &corev1.Pod{},
 		ctx:                     ctx,
 		Log:                     log,
@@ -150,25 +153,17 @@ func (env *Framework) ExpectToBeClean(ctx context.Context) {
 	})
 
 	Eventually(func(g Gomega) {
-		retrievedServices, _ := env.LatticeClient.ListServicesAsList(ctx, &vpclattice.ListServicesInput{})
-		for _, service := range retrievedServices {
-			env.Log.Infof("Found service, checking if created by current EKS Cluster: %v", service)
-			managed, err := env.Cloud.IsArnManaged(ctx, *service.Arn)
-			if err == nil { // ignore error as they can be a shared resource.
-				g.Expect(managed).To(BeFalse())
-			}
-		}
+		arns, err := env.TaggingClient.FindResourcesByTags(ctx, services.ResourceTypeService, env.DefaultTags)
+		env.Log.Infow("Expecting no services created by the controller", "found", arns)
+		g.Expect(err).To(BeNil())
+		g.Expect(arns).To(BeEmpty())
+	}).Should(Succeed())
 
-		retrievedTargetGroups, _ := env.LatticeClient.ListTargetGroupsAsList(ctx, &vpclattice.ListTargetGroupsInput{
-			VpcIdentifier: &config.VpcID,
-		})
-		for _, tg := range retrievedTargetGroups {
-			env.Log.Infof("Found TargetGroup: %s, checking if created by current EKS Cluster", *tg.Id)
-			managed, err := env.Cloud.IsArnManaged(ctx, *tg.Arn)
-			if err == nil { // ignore error as they can be a shared resource.
-				g.Expect(managed).To(BeFalse())
-			}
-		}
+	Eventually(func(g Gomega) {
+		arns, err := env.TaggingClient.FindResourcesByTags(ctx, services.ResourceTypeTargetGroup, env.DefaultTags)
+		env.Log.Infow("Expecting no target groups created by the controller", "found", arns)
+		g.Expect(err).To(BeNil())
+		g.Expect(arns).To(BeEmpty())
 	}).Should(Succeed())
 }
 

test/pkg/test/gateway.go

@@ -1,6 +1,7 @@
 package test
 
 import (
+	"github.com/samber/lo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
@@ -27,6 +28,14 @@ func (env *Framework) NewGateway(name string, namespace string) *gwv1.Gateway {
 						Name:     "https",
 						Protocol: gwv1.HTTPSProtocolType,
 						Port:     443,
+						TLS: &gwv1.GatewayTLSConfig{
+							Mode: lo.ToPtr(gwv1.TLSModeTerminate),
+							CertificateRefs: []gwv1.SecretObjectReference{
+								{
+									Name: "dummy",
+								},
+							},
+						},
 					},
 				},
 			},

test/pkg/test/header_match_httproute.go

@@ -16,6 +16,7 @@ func (env *Framework) NewHeaderMatchHttpRoute(parentRefsGateway *gwv1.Gateway, s
 					BackendObjectReference: gwv1.BackendObjectReference{
 						Name: gwv1.ObjectName(service.Name),
 						Kind: lo.ToPtr(gwv1.Kind("Service")),
+						Port: (*gwv1.PortNumber)(&service.Spec.Ports[0].Port),
 					},
 				},
 			}},