Special weblogs infra for go proxies#6464
Conversation
|
|
b57d6eb to
0f1cb39
Compare
|
9ddbc8a to
7848092
Compare
7848092 to
66da111
Compare
66da111 to
b0b105d
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b0b105d16d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| # TODO: remove and update the envoy/haproxy manifests to fully supports all scenarios | ||
| PROXY_SUPPORTED_SCENARIOS = { | ||
| # "DEFAULT", |
There was a problem hiding this comment.
Include DEFAULT in proxy CI scenarios
When generating the end-to-end matrix for envoy or haproxy, _is_supported only allows scenarios listed in PROXY_SUPPORTED_SCENARIOS, so leaving DEFAULT commented out drops the coverage that used to run under GO_PROXIES_DEFAULT (for example the tests whose @scenarios.go_proxies_default decorators were moved to @scenarios.default and the new envoy/haproxy manifest entries for default tests). Please include DEFAULT here or keep an equivalent replacement scenario, otherwise the proxy jobs no longer exercise those tests in CI.
Useful? React with 👍 / 👎.
|
Hi, I will take over this subject in #7179 |
Motivation
The Envoy and HAProxy proxy weblogs (Go security processor, via External Processing / Stream Processing Offload) previously required their own dedicated end-to-end scenarios (
GO_PROXIES_DEFAULT,GO_PROXIES_APPSEC_BLOCKING). That duplicated scenario wiring, kept proxy test activation locked inside scenario-specific decorators, and made it impossible to exercise the proxies against the same scenarios already used for every other weblog.This PR turns the proxies into first-class end-to-end weblogs so they run under the standard scenarios (e.g.
APPSEC_BLOCKING,APPSEC_BLOCKING_FULL_DENYLIST) instead of bespoke ones, with test activation driven by manifests like every other weblog.Changes
Weblog infrastructure refactor —
utils/_context/weblog_infrastructure.py(single module) →utils/_context/weblog_infrastructure/package:base.py— abstractWeblogInfra/EndToEndInfrainterfaces + shared container type aliaseslibrary_end_to_end.py—LibraryEndToEndInfrafor standard tracer weblogsgo_proxies.py—GoProxiesEndToEndInfrafor Envoy/HAProxy proxies + thePROXY_WEBLOGSregistryselector.py—EndToEndWeblogInfrapicks the library vs proxy infra from the weblog variant (incl. replay-mode discovery)Scenario model
GoProxiesScenario, theGO_PROXIES_DEFAULT/GO_PROXIES_APPSEC_BLOCKINGscenarios, and thego_proxiesscenario group.utils/scripts/ci_orchestrators/workflow_data.pygates them viaPROXY_WEBLOGS+PROXY_SUPPORTED_SCENARIOS.Test activation — moved proxy-specific deactivations out of
@scenarios.go_proxies_*decorators and intomanifests/envoy.yml/manifests/haproxy.yml(manifest-first, per repo conventions).Framework
EndToEndScenario.weblog_containernow resolves to the library container (proxies have distinct HTTP vs library containers); addedget_image_listaggregation.ExternalProcessingContainer/StreamProcessingOffloadContainergainedtrace_agent_port+warmup_requestso they fit the standard e2e lifecycle.DefaultScenariono longer setsDD_IAST_SECURITY_CONTROLS_CONFIGURATIONwhen the mapped value is theTODOplaceholder (also fixes previously setting the literalTODOfor unsupported libraries).Misc — removed the obsolete
tests/external_processing/suite and the Go proxies docs section; the CI workflow now passes--weblog ${{ inputs.weblog }}to every scenario run and drops the GO_PROXIES steps.Workflow
🚀 Once your PR is reviewed and the CI green, you can merge it!
🛟 #apm-shared-testing 🛟
Reviewer checklist
tests/ormanifests/is modified ? I have the approval from R&P team — framework + scenarios are modified, R&P review requiredbuild-XXX-imagelabel is presentGO_PROXIES_DEFAULT/GO_PROXIES_APPSEC_BLOCKINGremoved