From 10a31f12f618a4781e6568196e923884067e8c23 Mon Sep 17 00:00:00 2001
From: "Huabing (Robin) Zhao"
Date: Sat, 4 Jan 2025 03:59:06 +0800
Subject: [PATCH] fix: nil pointer error (#5000)
* fix: nil pointer error
Signed-off-by: Huabing Zhao
---
 internal/gatewayapi/securitypolicy.go | 14 ++++++---
 ...ecuritypolicy-with-extauth-backend.in.yaml | 12 ++++++--
 ...curitypolicy-with-extauth-backend.out.yaml | 29 +++++++++++++++----
 release-notes/current.yaml | 1 +
 4 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
index d21f240f1fa..3e00893f662 100644
--- a/internal/gatewayapi/securitypolicy.go
+++ b/internal/gatewayapi/securitypolicy.go
@@ -962,10 +962,16 @@ func backendRefAuthority(resources *resource.Resources, backendRef *gwapiv1.Back
 }
 }
- return net.JoinHostPort(
- fmt.Sprintf("%s.%s", backendRef.Name, backendNamespace),
- strconv.Itoa(int(*backendRef.Port)),
- )
+ // Port is mandatory for Kubernetes services
+ if backendKind == resource.KindService {
+ return net.JoinHostPort(
+ fmt.Sprintf("%s.%s", backendRef.Name, backendNamespace),
+ strconv.Itoa(int(*backendRef.Port)),
+ )
+ }
+
+ // Fallback to the backendRef name, normally it's a unix domain socket in this case
+ return fmt.Sprintf("%s.%s", backendRef.Name, backendNamespace)
 }
 func (t *Translator) buildAuthorization(policy *egv1a1.SecurityPolicy) (*ir.Authorization, error) {
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml
index 5d756b3b981..11715e27e71 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml
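Review bot: The Service branch of `backendRefAuthority` still dereferences `*backendRef.Port` with no nil check, so the panic this commit fixes stays reachable for a Service ref that arrives without a port; "Port is mandatory" holds only if validation elsewhere (not visible in this hunk) always runs first. SecurityPolicy content is user-supplied configuration, so I would guard it locally rather than rely on that ordering: `if backendKind == resource.KindService && backendRef.Port != nil {`. The fallback also applies to every non-Service ref that reaches the end of the function, not only UDS backends, and the returned `name.namespace` is a synthetic authority rather than a resolvable host, which the comment should state. The function starts above the hunk, so its earlier return paths are not visible here.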
@@ -107,6 +107,15 @@ backends:
 - fqdn:
 hostname: 'primary.foo.com'
 port: 3000
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: Backend
+ metadata:
+ name: backend-uds
+ namespace: default
+ spec:
+ endpoints:
+ - unix:
+ path: '/var/run/uds.sock'
 referenceGrants:
 - apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: ReferenceGrant
@@ -179,7 +188,6 @@ securityPolicies:
 extAuth:
 http:
 backendRef:
- name: backend-fqdn
+ name: backend-uds
 kind: Backend
 group: gateway.envoyproxy.io
- port: 3000
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml
index d5326219c97..34eff3c3cc5 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml
@@ -17,6 +17,23 @@ backends:
 reason: Accepted
 status: "True"
 type: Accepted
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: Backend
+ metadata:
+ creationTimestamp: null
+ name: backend-uds
+ namespace: default
+ spec:
+ endpoints:
+ - unix:
+ path: /var/run/uds.sock
+ status:
+ conditions:
+ - lastTransitionTime: null
+ message: The Backend was accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
 gateways:
 - apiVersion: gateway.networking.k8s.io/v1
 kind: Gateway
@@ -322,8 +339,7 @@ securityPolicies:
 backendRef:
 group: gateway.envoyproxy.io
 kind: Backend
- name: backend-fqdn
- port: 3000
+ name: backend-uds
 targetRef:
 group: gateway.networking.k8s.io
 kind: HTTPRoute
@@ -526,14 +542,15 @@ xdsIR:
 security:
 extAuth:
 http:
- authority: primary.foo.com:3000
+ authority: backend-uds.default
 destination:
 name: securitypolicy/default/policy-for-http-route-3-http-backendref/extauth/0
 settings:
- - addressType: FQDN
+ - addressType: IP
 endpoints:
- - host: primary.foo.com
- port: 3000
+ - host: ""
+ path: /var/run/uds.sock
+ port: 0
 protocol: HTTP
 weight: 1
 path: ""
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index 4d61dd6b19f..fdc674f039a 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
@@ -20,6 +20,7 @@ new features: |
 # Fixes for bugs identified in previous versions.
 bug fixes: |
+ Fixed a nil pointer error that occurs when a SecurityPolicy refers to a UDS backend
 # Enhancements that improve performance.
 performance improvements: |