You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Why: Moving the test assignment after the error check avoids using a potentially invalid result; it’s a sound defensive fix with clear correspondence to the code.
Medium
Clamp weight into valid range
Guard against out-of-range desiredWeight values to prevent negative or >100 weights, which can break routing. Clamp the value to [0,100] before applying to BackendRefs.
+// clamp desiredWeight into [0,100]+if desiredWeight < 0 {+ desiredWeight = 0+} else if desiredWeight > 100 {+ desiredWeight = 100+}
for _, ref := range canaryBackendRefs {
ref.Weight = &desiredWeight
}
-...
restWeight := 100 - desiredWeight
for _, ref := range stableBackendRefs {
ref.Weight = &restWeight
}
Suggestion importance[1-10]: 6
__
Why: Clamping desiredWeight to [0,100] prevents invalid weights and aligns with assumed semantics; the mapping to the code region is correct, and the change is low-risk but beneficial.
Low
General
Avoid shared config mutation
Avoid mutating shared gatewayAPIConfig while iterating multiple routes, which can cause race or cross-route contamination. Pass a shallow copy with TLSRoute set per iteration.
Why: Copying the config per iteration avoids unintended side effects when iterating multiple routes; it improves safety and maintainability without altering behavior.
Check and handle the error from Update before using updatedTLSRoute. As written, updatedTLSRoute may be nil on error, leading to a potential nil dereference when assigning to r.UpdatedTLSRouteMock.
Why: Correctly reorders error handling for Update to avoid using a potentially nil updatedTLSRoute, preventing a possible nil dereference in tests; it's accurate and improves robustness.
Medium
General
Clamp weight to valid range
Guard against invalid desiredWeight values that can cause negative or >100 weights. Clamp the desired weight to [0,100] to prevent underflow or invalid percentages impacting routing behavior.
+// clamp desiredWeight to [0, 100]+if desiredWeight < 0 {+ desiredWeight = 0+} else if desiredWeight > 100 {+ desiredWeight = 100+}
for _, ref := range canaryBackendRefs {
ref.Weight = &desiredWeight
}
-...
restWeight := 100 - desiredWeight
for _, ref := range stableBackendRefs {
ref.Weight = &restWeight
}
Suggestion importance[1-10]: 7
__
Why: Adds validation to prevent invalid weights (<0 or >100) that could cause incorrect routing; not strictly required by the PR but a sensible safety improvement.
Medium
Default namespace for discovery
Ensure gatewayAPIConfig.Namespace is set before selector-based discovery for TLSRoutes. If absent, discovery calls may default to an empty namespace, causing failed lookups.
if gatewayAPIConfig.HTTPRouteSelector != nil ||
gatewayAPIConfig.GRPCRouteSelector != nil ||
gatewayAPIConfig.TCPRouteSelector != nil ||
gatewayAPIConfig.TLSRouteSelector != nil {
+ // default namespace from rollout if not provided+ if gatewayAPIConfig.Namespace == "" {+ gatewayAPIConfig.Namespace = rollout.Namespace+ }
if err := r.discoverRoutesBySelector(rollout, gatewayAPIConfig); err != nil {
return nil, err
}
}
Suggestion importance[1-10]: 6
__
Why: Setting a default namespace from the rollout before discovery can prevent empty-namespace lookups; useful but somewhat contextual since other parts may already set namespace.
Avoid mutating gatewayAPIConfig.TLSRoute inside the loop, which can leak state across iterations and later calls. Pass the route name to setTLSRouteWeight via a shallow copy of the config.
Why: Avoids mutating shared gatewayAPIConfig inside iteration by copying before setting TLSRoute, reducing side effects and potential bugs across route processing.
Medium
Possible issue
Handle update error before assignment
Check and handle the error from Update before using updatedTLSRoute. Using updatedTLSRoute when err is non-nil risks propagating a nil or stale object into r.UpdatedTLSRouteMock.
Why: Corrects error-handling order to avoid assigning updatedTLSRoute when err is non-nil, preventing test-state corruption; a modest but sound reliability improvement aligned with the new code.
Medium
Validate desired weight bounds
Guard against desiredWeight values outside 0-100 to prevent negative restWeight or overflow. Return a clear error if the desired weight is invalid.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
kostis-codefresh
requested review from
Philipp-Plotnikov and
kostis-codefresh
ruslansuprun
force-pushed
the
main
branch
2 times, most recently
from
Closes #135
Summary
Changes
TLSRoutesupport for both: single route and list of routesConfiguration example