Fix where the new go module needed by echo-basic resides.

candita · candita · commit 7626aaa02ac2 · 2024-08-19T14:47:55.000-04:00
See https://github.com/kubernetes-sigs/gateway-api/pull/2745/files#diff-cf5b4a9b433acc91f8c7cc2dc802e29aa712c8d820887742f3bc5ae45b7a9d0fR24-R28
diff --git a/conformance/base/manifests.yaml b/conformance/base/manifests.yaml
@@ -740,9 +740,9 @@ spec:
   selector:
     app: backendtlspolicy-test
   ports:
-    - protocol: TCP
-      port: 443
-      targetPort: 8443
+  - protocol: TCP
+    port: 443
+    targetPort: 8443
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -762,34 +762,33 @@ spec:
         app: backendtlspolicy-test
     spec:
       containers:
-        - name: backendtlspolicy-test
-          image: gcr.io/k8s-staging-gateway-api/echo-basic:v20240412-v1.0.0-394-g40c666fd
-          volumeMounts:
-            - name: secret-volume
-              mountPath: /etc/secret-volume
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: CA_CERT
-              value: /etc/secret-volume/crt
-            - name: CA_CERT_KEY
-              value: /etc/secret-volume/key
-          resources:
-            requests:
-              cpu: 10m
-      volumes:
+      - name: backendtlspolicy-test
+        image: gcr.io/k8s-staging-gateway-api/echo-basic:v20240412-v1.0.0-394-g40c666fd
+        volumeMounts:
         - name: secret-volume
-          secret:
-            secretName: backend-tls-checks-certificate
-            items:
-              - key: tls.crt
-                path: crt
-              - key: tls.key
-                path: key
----
+          mountPath: /etc/secret-volume
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CA_CERT
+          value: /etc/secret-volume/crt
+        - name: CA_CERT_KEY
+          value: /etc/secret-volume/key
+        resources:
+          requests:
+            cpu: 10m
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: backend-tls-checks-certificate
+          items:
+          - key: tls.crt
+            path: crt
+          - key: tls.key
+            path: key
diff --git a/conformance/echo-basic/.go.mod b/conformance/echo-basic/.go.mod
@@ -3,6 +3,7 @@ module sigs.k8s.io/gateway-api/conformance/echo-basic
 go 1.21
 
 require (
+	github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732
 	golang.org/x/net v0.21.0
 	google.golang.org/grpc v1.53.0
 	google.golang.org/protobuf v1.28.1
diff --git a/conformance/echo-basic/.go.sum b/conformance/echo-basic/.go.sum
@@ -4,6 +4,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732 h1:nkseUkzjazCNyGhkRwnJ1OiHSwMXazsJQx+Ci+oVLEM=
+github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:J3XXNGJINXLa4yIivdUT0Ad/srv2q0pSOWbbm6El2EY=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
diff --git a/conformance/echo-basic/echo-basic.go b/conformance/echo-basic/echo-basic.go
@@ -226,7 +226,9 @@ func echoHandler(w http.ResponseWriter, r *http.Request) {
 	if strings.Contains(r.RequestURI, "backendTLS") {
 		sni, err = sniffForSNI(r.RemoteAddr)
 		if err != nil {
-			// Todo: research if for some test cases there won't be one
+			// TODO: research if for some test cases there won't be SNI available.
+			processError(w, err, http.StatusBadRequest)
+			return
 		}
 	}
 
@@ -340,14 +342,15 @@ func sniffForSNI(addr string) (string, error) {
 			return "", fmt.Errorf("could not read socket: %v", err)
 		}
 		// Take an incoming TLS Client Hello and return the SNI name.
-		sni, err = parser.GetHostname(data[:])
+		sni, err = parser.GetHostname(data)
 		if err != nil {
 			return "", fmt.Errorf("error getting SNI: %v", err)
 		}
 		if sni == "" {
 			return "", fmt.Errorf("no server name indication found")
+		} else {
+			return sni, nil
 		}
-		return sni, nil
 	}
 }
 
diff --git a/conformance/tests/backendtlspolicy-normative.yaml b/conformance/tests/backendtlspolicy-normative.yaml
@@ -23,12 +23,12 @@ metadata:
   namespace: gateway-conformance-infra
 spec:
   targetRefs:
-    - group: ""
-      kind: Service
-      name: "backendtlspolicy-test"
+  - group: ""
+    kind: Service
+    name: "backendtlspolicy-test"
   validation:
     caCertificateRefs:
       group: ""
       kind: Secret
       name: "backend-tls-checks-certificate"
-    hostname: "abc.example.com"
+    hostname: "abc.example.com"
diff --git a/go.mod b/go.mod
@@ -5,7 +5,6 @@ go 1.22.0
 require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 	github.com/miekg/dns v1.1.58
-	github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/net v0.24.0
 	golang.org/x/sync v0.7.0
diff --git a/go.sum b/go.sum
@@ -97,8 +97,6 @@ github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8
 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE=
 github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY=
-github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732 h1:nkseUkzjazCNyGhkRwnJ1OiHSwMXazsJQx+Ci+oVLEM=
-github.com/paultag/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:J3XXNGJINXLa4yIivdUT0Ad/srv2q0pSOWbbm6El2EY=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

Original file line number	Diff line number	Diff line change
`@@ -226,7 +226,9 @@ func echoHandler(w http.ResponseWriter, r *http.Request) {`
`226`	`226`	`if strings.Contains(r.RequestURI, "backendTLS") {`
`227`	`227`	`sni, err = sniffForSNI(r.RemoteAddr)`
`228`	`228`	`if err != nil {`
`229`		`- // Todo: research if for some test cases there won't be one`
	`229`	`+ // TODO: research if for some test cases there won't be SNI available.`
	`230`	`+ processError(w, err, http.StatusBadRequest)`
	`231`	`+ return`
`230`	`232`	`}`
`231`	`233`	`}`
`232`	`234`
`@@ -340,14 +342,15 @@ func sniffForSNI(addr string) (string, error) {`
`340`	`342`	`return "", fmt.Errorf("could not read socket: %v", err)`
`341`	`343`	`}`
`342`	`344`	`// Take an incoming TLS Client Hello and return the SNI name.`
`343`		`- sni, err = parser.GetHostname(data[:])`
	`345`	`+ sni, err = parser.GetHostname(data)`
`344`	`346`	`if err != nil {`
`345`	`347`	`return "", fmt.Errorf("error getting SNI: %v", err)`
`346`	`348`	`}`
`347`	`349`	`if sni == "" {`
`348`	`350`	`return "", fmt.Errorf("no server name indication found")`
	`351`	`+ } else {`
	`352`	`+ return sni, nil`
`349`	`353`	`}`
`350`		`- return sni, nil`
`351`	`354`	`}`
`352`	`355`	`}`
`353`	`356`