Merge branch 'nginxinc:main' into test/add-runtime-manager-tests

Author: miledxz

.github/workflows/dependency-review.yml

@@ -15,6 +15,6 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0
+        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
         with:
           config-file: "nginxinc/k8s-common/dependency-review-config.yml@main"

.github/workflows/fossa.yml

@@ -22,6 +22,6 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Scan
-        uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1
+        uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3
         with:
           api-key: ${{ secrets.FOSSA_TOKEN }}

.github/workflows/nginx-bot.yml

@@ -0,0 +1,35 @@
+name: NGINX Bot
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+      - edited
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - edited
+
+concurrency:
+  group: ${{ github.event.issue.number || github.event.pull_request.number }}-bot
+  cancel-in-progress: true
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  comment:
+    name: Run the bot
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Bot Action
+        uses: lucacome/nginx-bot@main
+        with:
+          pr-assignee-from-issue: 583
+          warn-missing-issue: true
+          missing-issue-message: |
+            Please make sure to include the issue number in the PR description to automatically close the issue when the PR is merged.
+            See [Linking a pull request to an issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) and our [Pull Request Guidelines](../docs/developer/pull-request.md) for more information.

.goreleaser.yml

@@ -66,3 +66,6 @@ release:
   extra_files:
     - glob: ./build/out/crds.yaml
     - glob: ./deploy/manifests/nginx-gateway.yaml
+    - glob: ./deploy/manifests/nginx-plus-gateway.yaml
+    - glob: ./deploy/manifests/nginx-gateway-experimental.yaml
+    - glob: ./deploy/manifests/nginx-plus-gateway-experimental.yaml

Makefile

@@ -45,7 +45,7 @@ build-images-with-plus: build-ngf-image build-nginx-plus-image ## Build the NGF
 
 .PHONY: build-ngf-image
 build-ngf-image: check-for-docker build ## Build the NGF docker image
-	docker build --platform linux/$(GOARCH) --target $(strip $(TARGET)) -f build/Dockerfile -t $(strip $(PREFIX)):$(strip $(TAG)) .
+	docker build --platform linux/$(GOARCH) --build-arg BUILD_AGENT=$(BUILD_AGENT) --target $(strip $(TARGET)) -f build/Dockerfile -t $(strip $(PREFIX)):$(strip $(TAG)) .
 
 .PHONY: build-nginx-image
 build-nginx-image: check-for-docker ## Build the custom nginx image

build/Dockerfile

@@ -27,6 +27,8 @@ RUN setcap 'cap_kill=+ep' /usr/bin/gateway
 
 FROM scratch as common
 USER 102:1001
+ARG BUILD_AGENT
+ENV BUILD_AGENT=${BUILD_AGENT}
 ENTRYPOINT [ "/usr/bin/gateway" ]
 
 FROM common as container

cmd/gateway/commands.go

@@ -44,19 +44,24 @@ func createRootCommand() *cobra.Command {
 func createStaticModeCommand() *cobra.Command {
 	// flag names
 	const (
-		gatewayFlag                = "gateway"
-		configFlag                 = "config"
-		serviceFlag                = "service"
-		updateGCStatusFlag         = "update-gatewayclass-status"
-		metricsDisableFlag         = "metrics-disable"
-		metricsSecureFlag          = "metrics-secure-serving"
-		metricsPortFlag            = "metrics-port"
-		healthDisableFlag          = "health-disable"
-		healthPortFlag             = "health-port"
-		leaderElectionDisableFlag  = "leader-election-disable"
-		leaderElectionLockNameFlag = "leader-election-lock-name"
-		plusFlag                   = "nginx-plus"
-		gwAPIExperimentalFlag      = "gateway-api-experimental-features"
+		gatewayFlag                 = "gateway"
+		configFlag                  = "config"
+		serviceFlag                 = "service"
+		updateGCStatusFlag          = "update-gatewayclass-status"
+		metricsDisableFlag          = "metrics-disable"
+		metricsSecureFlag           = "metrics-secure-serving"
+		metricsPortFlag             = "metrics-port"
+		healthDisableFlag           = "health-disable"
+		healthPortFlag              = "health-port"
+		leaderElectionDisableFlag   = "leader-election-disable"
+		leaderElectionLockNameFlag  = "leader-election-lock-name"
+		productTelemetryDisableFlag = "product-telemetry-disable"
+		plusFlag                    = "nginx-plus"
+		gwAPIExperimentalFlag       = "gateway-api-experimental-features"
+		usageReportSecretFlag       = "usage-report-secret"
+		usageReportServerURLFlag    = "usage-report-server-url"
+		usageReportSkipVerifyFlag   = "usage-report-skip-verify"
+		usageReportClusterNameFlag  = "usage-report-cluster-name"
 	)
 
 	// flag values
@@ -95,9 +100,19 @@ func createStaticModeCommand() *cobra.Command {
 			value:     "nginx-gateway-leader-election-lock",
 		}
 
-		plus bool
-
 		gwExperimentalFeatures bool
+
+		disableProductTelemetry bool
+
+		plus                   bool
+		usageReportSkipVerify  bool
+		usageReportClusterName = stringValidatingValue{
+			validator: validateQualifiedName,
+		}
+		usageReportSecretName = namespacedNameValue{}
+		usageReportServerURL  = stringValidatingValue{
+			validator: validateURL,
+		}
 	)
 
 	cmd := &cobra.Command{
@@ -134,6 +149,11 @@ func createStaticModeCommand() *cobra.Command {
 				return errors.New("POD_NAME environment variable must be set")
 			}
 
+			imageSource := os.Getenv("BUILD_AGENT")
+			if imageSource != "gha" && imageSource != "local" {
+				imageSource = "unknown"
+			}
+
 			period, err := time.ParseDuration(telemetryReportPeriod)
 			if err != nil {
 				return fmt.Errorf("error parsing telemetry report period: %w", err)
@@ -144,6 +164,20 @@ func createStaticModeCommand() *cobra.Command {
 				gwNsName = &gateway.value
 			}
 
+			var usageReportConfig *config.UsageReportConfig
+			if cmd.Flags().Changed(usageReportSecretFlag) {
+				if !plus {
+					return errors.New("usage-report arguments are only valid if using nginx-plus")
+				}
+
+				usageReportConfig = &config.UsageReportConfig{
+					SecretNsName:       usageReportSecretName.value,
+					ServerURL:          usageReportServerURL.value,
+					ClusterDisplayName: usageReportClusterName.value,
+					InsecureSkipVerify: usageReportSkipVerify,
+				}
+			}
+
 			conf := config.Config{
 				GatewayCtlrName:          gatewayCtlrName.value,
 				ConfigName:               configName.String(),
@@ -167,15 +201,20 @@ func createStaticModeCommand() *cobra.Command {
 					Port:    metricsListenPort.value,
 					Secure:  metricsSecure,
 				},
-				LeaderElection: config.LeaderElection{
+				LeaderElection: config.LeaderElectionConfig{
 					Enabled:  !disableLeaderElection,
 					LockName: leaderElectionLockName.String(),
 					Identity: podName,
 				},
-				Plus:                  plus,
-				TelemetryReportPeriod: period,
-				Version:               version,
-				ExperimentalFeatures:  gwExperimentalFeatures,
+				UsageReportConfig: usageReportConfig,
+				ProductTelemetryConfig: config.ProductTelemetryConfig{
+					TelemetryReportPeriod: period,
+					Enabled:               !disableProductTelemetry,
+				},
+				Plus:                 plus,
+				Version:              version,
+				ExperimentalFeatures: gwExperimentalFeatures,
+				ImageSource:          imageSource,
 			}
 
 			if err := static.StartManager(conf); err != nil {
@@ -282,6 +321,13 @@ func createStaticModeCommand() *cobra.Command {
 			"A Lease object with this name will be created in the same Namespace as the controller.",
 	)
 
+	cmd.Flags().BoolVar(
+		&disableProductTelemetry,
+		productTelemetryDisableFlag,
+		false,
+		"Disable the collection of product telemetry.",
+	)
+
 	cmd.Flags().BoolVar(
 		&plus,
 		plusFlag,
@@ -297,6 +343,33 @@ func createStaticModeCommand() *cobra.Command {
 			"Requires the Gateway APIs installed from the experimental channel.",
 	)
 
+	cmd.Flags().Var(
+		&usageReportSecretName,
+		usageReportSecretFlag,
+		"The namespace/name of the Secret containing the credentials for NGINX Plus usage reporting.",
+	)
+
+	cmd.Flags().Var(
+		&usageReportServerURL,
+		usageReportServerURLFlag,
+		"The base server URL of the NGINX Plus usage reporting server.",
+	)
+
+	cmd.MarkFlagsRequiredTogether(usageReportSecretFlag, usageReportServerURLFlag)
+
+	cmd.Flags().Var(
+		&usageReportClusterName,
+		usageReportClusterNameFlag,
+		"The display name of the Kubernetes cluster in the NGINX Plus usage reporting server.",
+	)
+
+	cmd.Flags().BoolVar(
+		&usageReportSkipVerify,
+		usageReportSkipVerifyFlag,
+		false,
+		"Disable client verification of the NGINX Plus usage reporting server certificate.",
+	)
+
 	return cmd
 }
 

cmd/gateway/commands_test.go

@@ -155,6 +155,9 @@ func TestStaticModeCmdFlagValidation(t *testing.T) {
 				"--health-disable",
 				"--leader-election-lock-name=my-lock",
 				"--leader-election-disable=false",
+				"--usage-report-secret=default/my-secret",
+				"--usage-report-server-url=https://my-api.com",
+				"--usage-report-cluster-name=my-cluster",
 			},
 			wantErr: false,
 		},
@@ -310,6 +313,66 @@ func TestStaticModeCmdFlagValidation(t *testing.T) {
 			wantErr:           true,
 			expectedErrPrefix: `invalid argument "" for "--leader-election-disable" flag: strconv.ParseBool`,
 		},
+		{
+			name: "usage-report-secret is set to empty string",
+			args: []string{
+				"--usage-report-secret=",
+			},
+			wantErr:           true,
+			expectedErrPrefix: `invalid argument "" for "--usage-report-secret" flag: must be set`,
+		},
+		{
+			name: "usage-report-secret is invalid",
+			args: []string{
+				"--usage-report-secret=my-secret", // no namespace
+			},
+			wantErr: true,
+			expectedErrPrefix: `invalid argument "my-secret" for "--usage-report-secret" flag: invalid format; ` +
+				"must be NAMESPACE/NAME",
+		},
+		{
+			name: "usage-report-server-url is set to empty string",
+			args: []string{
+				"--usage-report-server-url=",
+			},
+			wantErr:           true,
+			expectedErrPrefix: `invalid argument "" for "--usage-report-server-url" flag: must be set`,
+		},
+		{
+			name: "usage-report-server-url is an invalid url",
+			args: []string{
+				"--usage-report-server-url=invalid",
+			},
+			wantErr:           true,
+			expectedErrPrefix: `invalid argument "invalid" for "--usage-report-server-url" flag: "invalid" must be a valid URL`,
+		},
+		{
+			name: "usage secret and server url not specified together",
+			args: []string{
+				"--gateway-ctlr-name=gateway.nginx.org/nginx-gateway",
+				"--gatewayclass=nginx",
+				"--usage-report-server-url=http://example.com",
+			},
+			wantErr: true,
+			expectedErrPrefix: "if any flags in the group [usage-report-secret usage-report-server-url] " +
+				"are set they must all be set",
+		},
+		{
+			name: "usage-report-cluster-name is set to empty string",
+			args: []string{
+				"--usage-report-cluster-name=",
+			},
+			wantErr:           true,
+			expectedErrPrefix: `invalid argument "" for "--usage-report-cluster-name" flag: must be set`,
+		},
+		{
+			name: "usage-report-cluster-name is invalid",
+			args: []string{
+				"--usage-report-cluster-name=$invalid*(#)",
+			},
+			wantErr:           true,
+			expectedErrPrefix: `invalid argument "$invalid*(#)" for "--usage-report-cluster-name" flag: invalid format`,
+		},
 	}
 
 	// common flags validation is tested separately

cmd/gateway/validation.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"net/url"
 	"regexp"
 	"strings"
 
@@ -89,6 +90,38 @@ func parseNamespacedResourceName(value string) (types.NamespacedName, error) {
 	}, nil
 }
 
+func validateQualifiedName(name string) error {
+	if len(name) == 0 {
+		return errors.New("must be set")
+	}
+
+	messages := validation.IsQualifiedName(name)
+	if len(messages) > 0 {
+		msg := strings.Join(messages, "; ")
+		return fmt.Errorf("invalid format: %s", msg)
+	}
+
+	return nil
+}
+
+func validateURL(value string) error {
+	if len(value) == 0 {
+		return errors.New("must be set")
+	}
+	val, err := url.Parse(value)
+	if err != nil {
+		return fmt.Errorf("%q must be a valid URL: %w", value, err)
+	}
+	if val.Scheme == "" {
+		return fmt.Errorf("%q must be a valid URL: bad scheme", value)
+	}
+	if val.Host == "" {
+		return fmt.Errorf("%q must be a valid URL: bad host", value)
+	}
+
+	return nil
+}
+
 func validateIP(ip string) error {
 	if ip == "" {
 		return errors.New("IP address must be set")