kubernetes-sigs · robscott · Apr 6, 2023 · thockin · Apr 6, 2023 · rainest
diff --git a/apis/v1alpha2/gatewayclass_types.go b/apis/v1alpha2/gatewayclass_types.go
@@ -44,7 +44,7 @@ import (
 // If implementations choose to propagate GatewayClass changes to existing
 // Gateways, that MUST be clearly documented by the implementation.
 //
-// Whenever one or more Gateways are using a GatewayClass, implementations MUST
+// Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
 // add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
 // associated GatewayClass. This ensures that a GatewayClass associated with a
 // Gateway is not deleted while in use.

diff --git a/apis/v1alpha2/grpcroute_types.go b/apis/v1alpha2/grpcroute_types.go
@@ -18,6 +18,8 @@ package v1alpha2
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"sigs.k8s.io/gateway-api/apis/v1beta1"
 )
 
 // +genclient
@@ -149,7 +151,7 @@ type GRPCRouteSpec struct {
 	Rules []GRPCRouteRule `json:"rules,omitempty"`
 }
 
-// GRPCRouteRule defines the semantics for matching an gRPC request based on
+// GRPCRouteRule defines the semantics for matching a gRPC request based on
 // conditions (matches), processing it (filters), and forwarding the request to
 // an API object (backendRefs).
 type GRPCRouteRule struct {
@@ -205,7 +207,6 @@ type GRPCRouteRule struct {
 	//
 	// +optional
 	// +kubebuilder:validation:MaxItems=8
-	// +kubebuilder:default={{method: {type: "Exact"}}}
 	Matches []GRPCRouteMatch `json:"matches,omitempty"`
 
 	// Filters define the filters that are applied to requests that match
@@ -286,7 +287,6 @@ type GRPCRouteMatch struct {
 	// not specified, all services and methods will match.
 	//
 	// +optional
-	// +kubebuilder:default={type: "Exact"}
 	Method *GRPCMethodMatch `json:"method,omitempty"`
 
 	// Headers specifies gRPC request header matchers. Multiple match values are
@@ -321,25 +321,17 @@ type GRPCMethodMatch struct {
 	//
 	// At least one of Service and Method MUST be a non-empty string.
 	//
-	// A GRPC Service must be a valid Protobuf Type Name
-	// (https://protobuf.com/docs/language-spec#type-references).
-	//
 	// +optional
 	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:Pattern=`^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$`
 	Service *string `json:"service,omitempty"`
 
 	// Value of the method to match against. If left empty or omitted, will
 	// match all services.
 	//
 	// At least one of Service and Method MUST be a non-empty string.
 	//
-	// A GRPC Method must be a valid Protobuf Method
-	// (https://protobuf.com/docs/language-spec#methods).
-	//
 	// +optional
 	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:Pattern=`^[A-Za-z_][A-Za-z_0-9]*$`
 	Method *string `json:"method,omitempty"`
 }
 
@@ -419,10 +411,7 @@ const (
 	GRPCHeaderMatchRegularExpression GRPCHeaderMatchType = "RegularExpression"
 )
 
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=256
-// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
-type GRPCHeaderName string
+type GRPCHeaderName v1beta1.HeaderName
 
 // GRPCRouteFilterType identifies a type of GRPCRoute filter.
 type GRPCRouteFilterType string
@@ -513,7 +502,6 @@ type GRPCRouteFilter struct {
 	// Support: Extended
 	//
 	// +optional
-	// <gateway:experimental>
 	ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"`
 
 	// RequestMirror defines a schema for a filter that mirrors requests.
@@ -562,6 +550,8 @@ type GRPCBackendRef struct {
 	//
 	// Support: Core for Kubernetes Service
 	//
+	// Support: Extended for Kubernetes ServiceImport
+	//
 	// Support: Implementation-specific for any other resource
 	//
 	// Support for weight: Core

diff --git a/apis/v1alpha2/httproute_types.go b/apis/v1alpha2/httproute_types.go
@@ -111,12 +111,8 @@ type HeaderMatchType = v1beta1.HeaderMatchType
 //     headers are not currently supported by this type.
 //
 // * "/invalid" - "/" is an invalid character
-//
-// +kubebuilder:validation:MinLength=1
-// +kubebuilder:validation:MaxLength=256
-// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
 // +k8s:deepcopy-gen=false
-type HTTPHeaderName = v1beta1.HTTPHeaderName
+type HTTPHeaderName = v1beta1.HeaderName
 
 // HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
 // headers.

diff --git a/apis/v1alpha2/tcproute_types.go b/apis/v1alpha2/tcproute_types.go
@@ -68,6 +68,8 @@ type TCPRouteRule struct {
 	//
 	// Support: Core for Kubernetes Service
 	//
+	// Support: Extended for Kubernetes ServiceImport
+	//
 	// Support: Implementation-specific for any other resource
 	//
 	// Support for weight: Extended

diff --git a/apis/v1alpha2/tlsroute_types.go b/apis/v1alpha2/tlsroute_types.go
@@ -112,6 +112,8 @@ type TLSRouteRule struct {
 	//
 	// Support: Core for Kubernetes Service
 	//
+	// Support: Extended for Kubernetes ServiceImport
+	//
 	// Support: Implementation-specific for any other resource
 	//
 	// Support for weight: Extended

diff --git a/apis/v1alpha2/udproute_types.go b/apis/v1alpha2/udproute_types.go
@@ -67,6 +67,9 @@ type UDPRouteRule struct {
 	// the packets, then 80% of packets must be dropped instead.
 	//
 	// Support: Core for Kubernetes Service
+	//
+	// Support: Extended for Kubernetes ServiceImport
+	//
 	// Support: Implementation-specific for any other resource
 	//
 	// Support for weight: Extended

diff --git a/apis/v1alpha2/validation/grpcroute.go b/apis/v1alpha2/validation/grpcroute.go
@@ -17,7 +17,9 @@ limitations under the License.
 package validation
 
 import (
+	"fmt"
 	"net/http"
+	"regexp"
 	"strings"
 
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -31,6 +33,10 @@ var (
 	repeatableGRPCRouteFilters = []gatewayv1a2.GRPCRouteFilterType{
 		gatewayv1a2.GRPCRouteFilterExtensionRef,
 	}
+	validServiceName      = `^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$`
+	validServiceNameRegex = regexp.MustCompile(validServiceName)
+	validMethodName       = `^[A-Za-z_][A-Za-z_0-9]*$`
+	validMethodNameRegex  = regexp.MustCompile(validMethodName)
 )
 
 // ValidateGRPCRoute validates GRPCRoute according to the Gateway API specification.
@@ -63,13 +69,26 @@ func validateGRPCRouteRules(rules []gatewayv1a2.GRPCRouteRule, path *field.Path)
 	return errs
 }
 
-// validateRuleMatches validates that at least one of the fields Service or Method of
-// GRPCMethodMatch to be specified
+// validateRuleMatches validates GRPCMethodMatch
 func validateRuleMatches(matches []gatewayv1a2.GRPCRouteMatch, path *field.Path) field.ErrorList {
 	var errs field.ErrorList
 	for i, m := range matches {
-		if m.Method != nil && m.Method.Service == nil && m.Method.Method == nil {
-			errs = append(errs, field.Required(path.Index(i).Child("method"), "one or both of `service` or `method` must be specified"))
+		if m.Method != nil {
+			if m.Method.Service == nil && m.Method.Method == nil {
+				errs = append(errs, field.Required(path.Index(i).Child("method"), "one or both of `service` or `method` must be specified"))
+			}
+			// GRPCRoute method matcher admits two types: Exact and RegularExpression.
+			// If not specified, the match will be treated as type Exact (also the default value for this field).
+			if m.Method.Type == nil || *m.Method.Type == gatewayv1a2.GRPCMethodMatchExact {
+				if m.Method.Service != nil && !validServiceNameRegex.MatchString(*m.Method.Service) {
+					errs = append(errs, field.Invalid(path.Index(i).Child("method"), *m.Method.Service,
+						fmt.Sprintf("must only contain valid characters (matching %s)", validServiceName)))
+				}
+				if m.Method.Method != nil && !validMethodNameRegex.MatchString(*m.Method.Method) {
+					errs = append(errs, field.Invalid(path.Index(i).Child("method"), *m.Method.Method,
+						fmt.Sprintf("must only contain valid characters (matching %s)", validMethodName)))
+				}
+			}
 		}
 		if m.Headers != nil {
 			errs = append(errs, validateGRPCHeaderMatches(m.Headers, path.Index(i).Child("headers"))...)

diff --git a/apis/v1alpha2/validation/grpcroute_test.go b/apis/v1alpha2/validation/grpcroute_test.go
@@ -29,8 +29,9 @@ import (
 func TestValidateGRPCRoute(t *testing.T) {
 	t.Parallel()
 
-	service := "foo"
-	method := "login"
+	service := "foo.Test.Example"
+	method := "Login"
+	regex := ".*"
 
 	tests := []struct {
 		name  string
@@ -87,6 +88,115 @@ func TestValidateGRPCRoute(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "GRPCRoute use regex in service and method with undefined match type",
+			rules: []gatewayv1a2.GRPCRouteRule{
+				{
+					Matches: []gatewayv1a2.GRPCRouteMatch{
+						{
+							Method: &gatewayv1a2.GRPCMethodMatch{
+								Service: &regex,
+								Method:  &regex,
+							},
+						},
+					},
+				},
+			},
+			errs: field.ErrorList{
+				{
+					Type:     field.ErrorTypeInvalid,
+					BadValue: regex,
+					Field:    "spec.rules[0].matches[0].method",
+					Detail:   `must only contain valid characters (matching ^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$)`,
+				},
+				{
+					Type:     field.ErrorTypeInvalid,
+					BadValue: regex,
+					Field:    "spec.rules[0].matches[0].method",
+					Detail:   `must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)`,
+				},
+			},
+		},
+		{
+			name: "GRPCRoute use regex in service and method with match type Exact",
+			rules: []gatewayv1a2.GRPCRouteRule{
+				{
+					Matches: []gatewayv1a2.GRPCRouteMatch{
+						{
+							Method: &gatewayv1a2.GRPCMethodMatch{
+								Service: &regex,
+								Method:  &regex,
+								Type:    ptrTo(gatewayv1a2.GRPCMethodMatchExact),
+							},
+						},
+					},
+				},
+			},
+			errs: field.ErrorList{
+				{
+					Type:     field.ErrorTypeInvalid,
+					BadValue: regex,
+					Field:    "spec.rules[0].matches[0].method",
+					Detail:   `must only contain valid characters (matching ^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$)`,
+				},
+				{
+					Type:     field.ErrorTypeInvalid,
+					BadValue: regex,
+					Field:    "spec.rules[0].matches[0].method",
+					Detail:   `must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)`,
+				},
+			},
+		},
+		{
+			name: "GRPCRoute use regex in service and method with match type RegularExpression",
+			rules: []gatewayv1a2.GRPCRouteRule{
+				{
+					Matches: []gatewayv1a2.GRPCRouteMatch{
+						{
+							Method: &gatewayv1a2.GRPCMethodMatch{
+								Service: &regex,
+								Method:  &regex,
+								Type:    ptrTo(gatewayv1a2.GRPCMethodMatchRegularExpression),
+							},
+						},
+					},
+				},
+			},
+			errs: field.ErrorList{},
+		},
+		{
+			name: "GRPCRoute use valid service and method with undefined match type",
+			rules: []gatewayv1a2.GRPCRouteRule{
+				{
+					Matches: []gatewayv1a2.GRPCRouteMatch{
+						{
+							Method: &gatewayv1a2.GRPCMethodMatch{
+								Service: &service,
+								Method:  &method,
+							},
+						},
+					},
+				},
+			},
+			errs: field.ErrorList{},
+		},
+		{
+			name: "GRPCRoute use valid service and method with match type Exact",
+			rules: []gatewayv1a2.GRPCRouteRule{
+				{
+					Matches: []gatewayv1a2.GRPCRouteMatch{
+						{
+							Method: &gatewayv1a2.GRPCMethodMatch{
+								Service: &service,
+								Method:  &method,
+								Type:    ptrTo(gatewayv1a2.GRPCMethodMatchExact),
+							},
+						},
+					},
+				},
+			},
+			errs: field.ErrorList{},
+		},
 		{
 			name: "GRPCRoute with duplicate ExtensionRef filters",
 			rules: []gatewayv1a2.GRPCRouteRule{