-
Notifications
You must be signed in to change notification settings - Fork 482
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conformance tests for BackendTLSPolicy #3138
Comments
I think this test cannot be implemented, as this rule is directly enforced by CEL:
|
If we go the second way, though, in my opinion, this is beyond the bare minimum set of conformance tests needed for graduation. |
The TargetRef is a gateway-api/apis/v1alpha2/policy_types.go Lines 39 to 48 in 86c06a0
|
/assign @candita @whitneygriffith |
I agree, we don't need a conformance test for this case. The same applies for Invalid: Namespace (of targetRef) not set. |
Updated test cases:
Removed test cases:
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
What would you like to be added:
Conformance tests for BackendTLSPolicy. Comment below if you're interested in working on covering any of these areas.
Core Capabilities:
Valid BackendTLSPolicy with 1 targetRef/service using WellKnownCACertificates and matching hostnameInvalid: targetRef in different namespaceInvalid: both CACertificateRef and WellKnownCACertificates is specifiedInvalid: SNI hostname invalid - not RFC1123 (should be caught by validation)Invalid: Namespace (of targetRef) not setWhy this is needed:
This is needed in order for BackendTLSPolicy to graduate from v1alpha3 to v1.
The text was updated successfully, but these errors were encountered: