Open candita opened 3 months ago
cc @whitneygriffith @mlavacca
Invalid: both CACertificateRef and WellKnownCACertificates is specified
I think this test cannot be implemented, as this rule is directly enforced by CEL:
Valid BackendTLSPolicy with 1 targetRef/service using WellKnownCACertificates and matching hostname
WellKnownCACertificates
is an implementation-specific feature, therefore I think we should either:
Accepted
condition to false, as stated in https://github.com/kubernetes-sigs/gateway-api/blob/d49ae960279b7022c8f7e041221df306ef64094d/apis/v1alpha3/backendtlspolicy_types.go#L115-L118If we go the second way, though, in my opinion, this is beyond the bare minimum set of conformance tests needed for graduation.
Invalid: targetRef in different namespace
The TargetRef is a LocalPolicyTargetReference
, there is no namespace field in it. I think that a TargetRef
in a different namespace is impossible, given the current API state.
/assign @candita @whitneygriffith
Invalid: targetRef in different namespace The TargetRef is a
LocalPolicyTargetReference
, there is no namespace field in it. I think that aTargetRef
in a different namespace is impossible, given the current API state.
I agree, we don't need a conformance test for this case. The same applies for Invalid: Namespace (of targetRef) not set.
Updated test cases:
Removed test cases:
WellKnownCACertificates
is an implementation-specific feature and is beyond the minimum set of tests needed for graduation)
What would you like to be added: Conformance tests for BackendTLSPolicy. Comment below if you're interested in working on covering any of these areas.
Core Capabilities:
Why this is needed: This is needed in order for BackendTLSPolicy to graduate from v1alpha3 to v1.