Skip to content

conformance: test cases for HTTPS connection coalescing #4364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snorwin wants to merge 1 commit into
base: main
Choose a base branch
from
Open

conformance: test cases for HTTPS connection coalescing #4364

snorwin wants to merge 1 commit into from
+8 −4

Conversation

@snorwin
Copy link
Member

@snorwin snorwin commented Dec 18, 2025

What type of PR is this?

/area conformance-test

What this PR does / why we need it:
In #3630, the Gateway API’s interaction with connection coalescing was improved as part of GEP-3567. However, these changes are not yet reflected in the conformance tests.

Which issue(s) this PR fixes:

N/A

Does this PR introduce a user-facing change?:

Added conformance tests validating Gateway behavior for connection coalescing when SNI and Host headers do not match, including correct use of HTTP 421 for potentially misdirected requests.

@snorwin
conformance: test cases for HTTPS connection coalescing
4033532 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. area/conformance-test Issues or PRs related to Conformance tests. labels Dec 18, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Dec 18, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: snorwin
Once this PR has been reviewed and has the lgtm label, please assign liorlieberman for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 18, 2025
@snorwin
Copy link
Member Author

snorwin commented Dec 18, 2025

/cc @robscott

@snorwin
Copy link
Member Author

snorwin commented Dec 18, 2025

/retest

robscott
robscott reviewed Dec 19, 2025
View reviewed changes
Copy link
Member

@robscott robscott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @snorwin!

conformance/tests/httproute-https-listener.go
Comment on lines +66 to +67
{host: "example.org", serverName: "second-example.org", statusCode: 421},
{host: "second-example.org", serverName: "example.org", statusCode: 421},
Copy link
Member

@robscott robscott Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the relevant part of the spec is here:

gateway-api/apis/v1/gateway_types.go

Line 394 in f95fe2b

// the Gateway SHOULD return a 421.

We're actually using RFC 2119 interpretation of keywords here, so SHOULD is a recommendation, not a requirement. With that said, I think we could justify an extended test (separate feature name) to cover this.

cc @youngnick @rikatz

Copy link
Contributor

@kl52752 kl52752 Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we enforce this behaviour only for reused connections? If Cx is estabilishing a new connection per request then misdirected does not make sense.

@snorwin can you verify that connection is being reused in this test? I was looking into RoundTripper and I can see that DisableKeepAlives is set.

conformance/tests/httproute-https-listener.go
Comment on lines +68 to +69
{host: "unknown-example.org", serverName: "unknown-example.org", statusCode: 404},
{host: "unknown-example.org", serverName: "second-example.org", statusCode: 404},
Copy link
Member

@robscott robscott Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since these are both a MUST, I don't think they need any qualifiers and can be a part of a core conformance test. Hopefully these don't trip up any existing implementations.

/cc @kl52752 @rostislavbobo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robscott robscott robscott left review comments

@candita candita Awaiting requested review from candita

@sunjayBhatia sunjayBhatia Awaiting requested review from sunjayBhatia

@kl52752 kl52752 Awaiting requested review from kl52752

@rostislavbobo rostislavbobo Awaiting requested review from rostislavbobo

Assignees

No one assigned

Labels

area/conformance-test Issues or PRs related to Conformance tests. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@snorwin @k8s-ci-robot @robscott @kl52752