Skip to content

Add Functional tests for ProxySettingsPolicy #4482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
tataruty wants to merge 1 commit into
base: feat/proxy-settings-policy
Choose a base branch
from
Draft

Add Functional tests for ProxySettingsPolicy #4482

tataruty wants to merge 1 commit into from

Conversation

@tataruty
Copy link
Contributor

@tataruty tataruty commented Dec 17, 2025

Problem: As an NGF developer
I want functional tests for the ProxySettingsPolicy
So that I can ensure that nginx behaves properly when defining proxy settings.

Acceptance:
Functional tests are added for ProxySettingsPolicy
https://github.com/nginx/nginx-gateway-fabric/blob/main/docs/proposals/proxy-settings.md#testing
verify nginx config looks correct

Solution: Added next Functional tests that test the attachment and inheritance behavior, including:

Policy attached to Gateway only

  • policy accepted
  • checked nginx.conf
  • checked request to coffee(failed) and tea)

Policy attached to Route only

  • checked policy accepted,
  • checked nginx.conf
  • checked request to coffee and tea)

Policy attached to both Gateway and Route

  • checked policy accepted
  • checked nginx.conf
  • checked request to coffee and tea (HTTPRoute wins gateway buffering settings)

With inheritance and override scenarios:

  • Gateway and HTTPRoute disabled
  • Gateway enabled and HTTPRoute disabled
  • Gateway disabled and HTTPRoute enabled: Gateway policy disables buffering, Route policy explicitly sets disable: false and specifies buffer sizes (should work correctly)
  • Gateway disabled and HTTPRoute not forcing enabled: Gateway policy disables buffering, Route policy specifies buffer sizes without setting disable: false (should set PartiallyInvalid condition)

Validation tests for invalid configurations

In progress

Closes #4264

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

NONE

@github-actions github-actions bot added the tests Pull requests that update tests label Dec 17, 2025
salonichf5
salonichf5 reviewed Dec 18, 2025
View reviewed changes
tests/suite/proxy_settings_test.go
Comment on lines +586 to +632
// ????????????????????????????????????????????????// ????????????????????????????????
// Route policy specifies buffer sizes without setting disable: false (should set PartiallyInvalid condition)
When("valid disable for Gateway ProxySettingsPolicies is inherited by HTTPRoute", func() {
var (
policies = []string{
"proxy-settings-policy/gateway-disabled-coffee-not-enabled-proxy-settings.yaml",
}

baseURL string
)

BeforeAll(func() {
Expect(resourceManager.ApplyFromFiles(policies, namespace)).To(Succeed())

port := 80
if portFwdPort != 0 {
port = portFwdPort
}

baseURL = fmt.Sprintf("http://cafe.example.com:%d", port)
})

AfterAll(func() {
Expect(resourceManager.DeleteFromFiles(policies, namespace)).To(Succeed())
})

Specify("they are accepted by the target resource", func() {
policyNames := []string{
"gateway-proxy-settings",
"coffee-proxy-settings",
}

for _, name := range policyNames {
nsname := types.NamespacedName{Name: name, Namespace: namespace}

err := waitForPSPolicyStatus(nsname)
Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("%s was not accepted", name))
}
})

Context("verify working traffic", func() {
// ????????????????????????????????????????????????
It("should return a 200 response only for HTTPRoute tea, and fail for coffee", func() {
baseCoffeeURL := baseURL + "/coffee"
baseTeaURL := baseURL + "/tea"

Eventually(
Copy link
Contributor

@salonichf5 salonichf5 Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case reading the design proposal

Important: If a Gateway policy disables buffering (disable: true), and a Route policy specifies buffer size fields (bufferSize, buffers, or busyBuffersSize) without explicitly setting disable: false, the buffer size fields will be ignored since buffering is disabled. A Condition will be set on the Route policy to indicate that these fields are being ignored. To use buffer size settings when the Gateway has disabled buffering, the Route policy must explicitly set disable: false.

If gateway disables proxy buffering and disable: false is not explicitly set which is in the example you are using, the proxy buffer fields are ignored and a proper error message should be communicated on the route saying these fields are ignored. Are you able to see the error message on coffee route about these fields being ignored? That's what needs to be checked here.

But if disable: false was explicitly set on the route proxy settings policy the request would succeed (not your case)

tests/suite/proxy_settings_test.go
Comment on lines +652 to +689
When("valid disable for HTTPRoute ProxySettingsPolicies overrides enabled Gateway setting", func() {
var (
policies = []string{
"proxy-settings-policy/gateway-enabled-coffee-disabled-proxy-settings.yaml",
}

baseURL string
)

BeforeAll(func() {
Expect(resourceManager.ApplyFromFiles(policies, namespace)).To(Succeed())

port := 80
if portFwdPort != 0 {
port = portFwdPort
}

baseURL = fmt.Sprintf("http://cafe.example.com:%d", port)
})

AfterAll(func() {
Expect(resourceManager.DeleteFromFiles(policies, namespace)).To(Succeed())
})

Specify("they are accepted by the target resource", func() {
policyNames := []string{
"gateway-proxy-settings",
"coffee-proxy-settings",
}

for _, name := range policyNames {
nsname := types.NamespacedName{Name: name, Namespace: namespace}

err := waitForPSPolicyStatus(nsname)
Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("%s was not accepted", name))
}
})

Copy link
Contributor

@salonichf5 salonichf5 Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the implementation, we set a proxy_buffering off directive on the location block when buffering is disabled at Route level, are you seeing that? We should verify that directive exists and request for coffee should fail,

Whereas tea should pass because it will inherit the settings from the Gateway which has proxy buffering enabled.

Copy link
Contributor

@salonichf5 salonichf5 Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess if we didn't explicitly set it off then coffee location would still inherit Gateway settings.

Let me know if you are tests results look off from the desired and I will look deeper.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@salonichf5 salonichf5 salonichf5 left review comments

Assignees

No one assigned

Labels

tests Pull requests that update tests

Projects

NGINX Gateway Fabric
Status: 🆕 New

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tataruty @salonichf5