From 7df87e9be23698a767cd28475859524fe8208b76 Mon Sep 17 00:00:00 2001 From: Roman Willi Date: Thu, 27 Nov 2025 09:10:44 +0100 Subject: [PATCH 1/2] conformance: Add Airlock Microgateway 4.8.0 report for v1.4.0 --- .../v1.1.0/airlock-microgateway/README.md | 3 +- .../standard-4.8.0-default-report.yaml | 47 ++++++++++++++++ .../v1.1.1/airlock-microgateway/README.md | 3 +- .../standard-4.8.0-default-report.yaml | 47 ++++++++++++++++ .../v1.2.0/airlock-microgateway/README.md | 3 +- .../standard-4.8.0-default-report.yaml | 53 ++++++++++++++++++ .../v1.2.1/airlock-microgateway/README.md | 3 +- .../standard-4.8.0-default-report.yaml | 53 ++++++++++++++++++ .../v1.3.0/airlock-microgateway/README.md | 3 +- .../standard-4.8.0-default-report.yaml | 55 +++++++++++++++++++ .../v1.4.0/airlock-microgateway/README.md | 6 +- ...=> experimental-4.8.0-default-report.yaml} | 10 ++-- 12 files changed, 274 insertions(+), 12 deletions(-) create mode 100644 conformance/reports/v1.1.0/airlock-microgateway/standard-4.8.0-default-report.yaml create mode 100644 conformance/reports/v1.1.1/airlock-microgateway/standard-4.8.0-default-report.yaml create mode 100644 conformance/reports/v1.2.0/airlock-microgateway/standard-4.8.0-default-report.yaml create mode 100644 conformance/reports/v1.2.1/airlock-microgateway/standard-4.8.0-default-report.yaml create mode 100644 conformance/reports/v1.3.0/airlock-microgateway/standard-4.8.0-default-report.yaml rename conformance/reports/v1.4.0/airlock-microgateway/{experimental-4.8.0-alpha1-default-report.yaml => experimental-4.8.0-default-report.yaml} (92%) diff --git a/conformance/reports/v1.1.0/airlock-microgateway/README.md b/conformance/reports/v1.1.0/airlock-microgateway/README.md index 52bd30cd0a..8673e88aba 100644 --- a/conformance/reports/v1.1.0/airlock-microgateway/README.md +++ b/conformance/reports/v1.1.0/airlock-microgateway/README.md @@ -8,6 +8,7 @@ | standard | [v4.5.0](https://github.com/airlock/microgateway/releases/tag/4.5.0) | default | [link](./standard-4.5.0-default-report.yaml) | | standard | [v4.6.0](https://github.com/airlock/microgateway/releases/tag/4.6.0) | default | [link](./standard-4.6.0-default-report.yaml) | | standard | [v4.7.0](https://github.com/airlock/microgateway/releases/tag/4.7.0) | default | [link](./standard-4.7.0-default-report.yaml) | +| standard | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./standard-4.8.0-default-report.yaml) | ## Reproduce @@ -16,7 +17,7 @@ The Airlock Microgateway conformance report can be reproduced by following the s > [!NOTE] > The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. > Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. -> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. > > The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. > Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. diff --git a/conformance/reports/v1.1.0/airlock-microgateway/standard-4.8.0-default-report.yaml b/conformance/reports/v1.1.0/airlock-microgateway/standard-4.8.0-default-report.yaml new file mode 100644 index 0000000000..0d0fb1bdd0 --- /dev/null +++ b/conformance/reports/v1.1.0/airlock-microgateway/standard-4.8.0-default-report.yaml @@ -0,0 +1,47 @@ +apiVersion: gateway.networking.k8s.io/v1alpha1 +date: "2025-11-26T14:35:21Z" +gatewayAPIChannel: standard +gatewayAPIVersion: v1.1.0 +implementation: + contact: + - https://www.airlock.com/en/contact + organization: airlock + project: microgateway + url: https://github.com/airlock/microgateway + version: 4.8.0 +kind: ConformanceReport +mode: default +profiles: +- core: + result: success + statistics: + Failed: 0 + Passed: 33 + Skipped: 0 + extended: + result: success + statistics: + Failed: 0 + Passed: 13 + Skipped: 0 + supportedFeatures: + - GatewayHTTPListenerIsolation + - GatewayPort8080 + - HTTPRouteHostRewrite + - HTTPRouteMethodMatching + - HTTPRouteParentRefPort + - HTTPRoutePathRedirect + - HTTPRoutePathRewrite + - HTTPRoutePortRedirect + - HTTPRouteQueryParamMatching + - HTTPRouteResponseHeaderModification + - HTTPRouteSchemeRedirect + unsupportedFeatures: + - GatewayStaticAddresses + - HTTPRouteBackendRequestHeaderModification + - HTTPRouteBackendTimeout + - HTTPRouteRequestMirror + - HTTPRouteRequestMultipleMirrors + - HTTPRouteRequestTimeout + name: GATEWAY-HTTP + summary: Core tests succeeded. Extended tests succeeded. diff --git a/conformance/reports/v1.1.1/airlock-microgateway/README.md b/conformance/reports/v1.1.1/airlock-microgateway/README.md index 1b799aec87..2be1a3e815 100644 --- a/conformance/reports/v1.1.1/airlock-microgateway/README.md +++ b/conformance/reports/v1.1.1/airlock-microgateway/README.md @@ -7,6 +7,7 @@ | standard | [v4.5.0](https://github.com/airlock/microgateway/releases/tag/4.5.0) | default | [link](./standard-4.5.0-default-report.yaml) | | standard | [v4.6.0](https://github.com/airlock/microgateway/releases/tag/4.6.0) | default | [link](./standard-4.6.0-default-report.yaml) | | standard | [v4.7.0](https://github.com/airlock/microgateway/releases/tag/4.7.0) | default | [link](./standard-4.7.0-default-report.yaml) | +| standard | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./standard-4.8.0-default-report.yaml) | ## Reproduce @@ -15,7 +16,7 @@ The Airlock Microgateway conformance report can be reproduced by following the s > [!NOTE] > The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. > Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. -> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. > > The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. > Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. diff --git a/conformance/reports/v1.1.1/airlock-microgateway/standard-4.8.0-default-report.yaml b/conformance/reports/v1.1.1/airlock-microgateway/standard-4.8.0-default-report.yaml new file mode 100644 index 0000000000..fbda22cfa4 --- /dev/null +++ b/conformance/reports/v1.1.1/airlock-microgateway/standard-4.8.0-default-report.yaml @@ -0,0 +1,47 @@ +apiVersion: gateway.networking.k8s.io/v1alpha1 +date: "2025-11-26T14:35:01Z" +gatewayAPIChannel: standard +gatewayAPIVersion: v1.1.1 +implementation: + contact: + - https://www.airlock.com/en/contact + organization: airlock + project: microgateway + url: https://github.com/airlock/microgateway + version: 4.8.0 +kind: ConformanceReport +mode: default +profiles: +- core: + result: success + statistics: + Failed: 0 + Passed: 33 + Skipped: 0 + extended: + result: success + statistics: + Failed: 0 + Passed: 13 + Skipped: 0 + supportedFeatures: + - GatewayHTTPListenerIsolation + - GatewayPort8080 + - HTTPRouteHostRewrite + - HTTPRouteMethodMatching + - HTTPRouteParentRefPort + - HTTPRoutePathRedirect + - HTTPRoutePathRewrite + - HTTPRoutePortRedirect + - HTTPRouteQueryParamMatching + - HTTPRouteResponseHeaderModification + - HTTPRouteSchemeRedirect + unsupportedFeatures: + - GatewayStaticAddresses + - HTTPRouteBackendRequestHeaderModification + - HTTPRouteBackendTimeout + - HTTPRouteRequestMirror + - HTTPRouteRequestMultipleMirrors + - HTTPRouteRequestTimeout + name: GATEWAY-HTTP + summary: Core tests succeeded. Extended tests succeeded. diff --git a/conformance/reports/v1.2.0/airlock-microgateway/README.md b/conformance/reports/v1.2.0/airlock-microgateway/README.md index 1b799aec87..2be1a3e815 100644 --- a/conformance/reports/v1.2.0/airlock-microgateway/README.md +++ b/conformance/reports/v1.2.0/airlock-microgateway/README.md @@ -7,6 +7,7 @@ | standard | [v4.5.0](https://github.com/airlock/microgateway/releases/tag/4.5.0) | default | [link](./standard-4.5.0-default-report.yaml) | | standard | [v4.6.0](https://github.com/airlock/microgateway/releases/tag/4.6.0) | default | [link](./standard-4.6.0-default-report.yaml) | | standard | [v4.7.0](https://github.com/airlock/microgateway/releases/tag/4.7.0) | default | [link](./standard-4.7.0-default-report.yaml) | +| standard | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./standard-4.8.0-default-report.yaml) | ## Reproduce @@ -15,7 +16,7 @@ The Airlock Microgateway conformance report can be reproduced by following the s > [!NOTE] > The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. > Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. -> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. > > The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. > Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. diff --git a/conformance/reports/v1.2.0/airlock-microgateway/standard-4.8.0-default-report.yaml b/conformance/reports/v1.2.0/airlock-microgateway/standard-4.8.0-default-report.yaml new file mode 100644 index 0000000000..09ff47a8fd --- /dev/null +++ b/conformance/reports/v1.2.0/airlock-microgateway/standard-4.8.0-default-report.yaml @@ -0,0 +1,53 @@ +apiVersion: gateway.networking.k8s.io/v1 +date: "2025-11-26T14:35:34Z" +gatewayAPIChannel: standard +gatewayAPIVersion: v1.2.0 +implementation: + contact: + - https://www.airlock.com/en/contact + organization: airlock + project: microgateway + url: https://github.com/airlock/microgateway + version: 4.8.0 +kind: ConformanceReport +mode: default +profiles: +- core: + result: success + statistics: + Failed: 0 + Passed: 33 + Skipped: 0 + extended: + result: success + statistics: + Failed: 0 + Passed: 19 + Skipped: 0 + supportedFeatures: + - GatewayHTTPListenerIsolation + - GatewayInfrastructurePropagation + - GatewayPort8080 + - HTTPRouteBackendProtocolH2C + - HTTPRouteBackendProtocolWebSocket + - HTTPRouteBackendTimeout + - HTTPRouteDestinationPortMatching + - HTTPRouteHostRewrite + - HTTPRouteMethodMatching + - HTTPRouteParentRefPort + - HTTPRoutePathRedirect + - HTTPRoutePathRewrite + - HTTPRoutePortRedirect + - HTTPRouteQueryParamMatching + - HTTPRouteRequestTimeout + - HTTPRouteResponseHeaderModification + - HTTPRouteSchemeRedirect + unsupportedFeatures: + - GatewayStaticAddresses + - HTTPRouteBackendRequestHeaderModification + - HTTPRouteRequestMirror + - HTTPRouteRequestMultipleMirrors + name: GATEWAY-HTTP + summary: Core tests succeeded. Extended tests succeeded. +succeededProvisionalTests: +- GatewayInfrastructure diff --git a/conformance/reports/v1.2.1/airlock-microgateway/README.md b/conformance/reports/v1.2.1/airlock-microgateway/README.md index 926722c23f..298bf562ee 100644 --- a/conformance/reports/v1.2.1/airlock-microgateway/README.md +++ b/conformance/reports/v1.2.1/airlock-microgateway/README.md @@ -7,6 +7,7 @@ | experimental | [v4.5.0](https://github.com/airlock/microgateway/releases/tag/4.5.0) | default | [link](./experimental-4.5.0-default-report.yaml) | | standard | [v4.6.0](https://github.com/airlock/microgateway/releases/tag/4.6.0) | default | [link](./standard-4.6.0-default-report.yaml) | | standard | [v4.7.0](https://github.com/airlock/microgateway/releases/tag/4.7.0) | default | [link](./standard-4.7.0-default-report.yaml) | +| standard | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./standard-4.8.0-default-report.yaml) | ## Reproduce @@ -15,7 +16,7 @@ The Airlock Microgateway conformance report can be reproduced by following the s > [!NOTE] > The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. > Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. -> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. > > The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. > Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. diff --git a/conformance/reports/v1.2.1/airlock-microgateway/standard-4.8.0-default-report.yaml b/conformance/reports/v1.2.1/airlock-microgateway/standard-4.8.0-default-report.yaml new file mode 100644 index 0000000000..b9e6d95399 --- /dev/null +++ b/conformance/reports/v1.2.1/airlock-microgateway/standard-4.8.0-default-report.yaml @@ -0,0 +1,53 @@ +apiVersion: gateway.networking.k8s.io/v1 +date: "2025-11-26T14:36:42Z" +gatewayAPIChannel: standard +gatewayAPIVersion: v1.2.1 +implementation: + contact: + - https://www.airlock.com/en/contact + organization: airlock + project: microgateway + url: https://github.com/airlock/microgateway + version: 4.8.0 +kind: ConformanceReport +mode: default +profiles: +- core: + result: success + statistics: + Failed: 0 + Passed: 33 + Skipped: 0 + extended: + result: success + statistics: + Failed: 0 + Passed: 19 + Skipped: 0 + supportedFeatures: + - GatewayHTTPListenerIsolation + - GatewayInfrastructurePropagation + - GatewayPort8080 + - HTTPRouteBackendProtocolH2C + - HTTPRouteBackendProtocolWebSocket + - HTTPRouteBackendTimeout + - HTTPRouteDestinationPortMatching + - HTTPRouteHostRewrite + - HTTPRouteMethodMatching + - HTTPRouteParentRefPort + - HTTPRoutePathRedirect + - HTTPRoutePathRewrite + - HTTPRoutePortRedirect + - HTTPRouteQueryParamMatching + - HTTPRouteRequestTimeout + - HTTPRouteResponseHeaderModification + - HTTPRouteSchemeRedirect + unsupportedFeatures: + - GatewayStaticAddresses + - HTTPRouteBackendRequestHeaderModification + - HTTPRouteRequestMirror + - HTTPRouteRequestMultipleMirrors + name: GATEWAY-HTTP + summary: Core tests succeeded. Extended tests succeeded. +succeededProvisionalTests: +- GatewayInfrastructure diff --git a/conformance/reports/v1.3.0/airlock-microgateway/README.md b/conformance/reports/v1.3.0/airlock-microgateway/README.md index 1527380fcc..94a14660ed 100644 --- a/conformance/reports/v1.3.0/airlock-microgateway/README.md +++ b/conformance/reports/v1.3.0/airlock-microgateway/README.md @@ -6,6 +6,7 @@ |--------------|----------------------------------------------------------------------|---------|--------------------------------------------------| | experimental | [v4.6.0](https://github.com/airlock/microgateway/releases/tag/4.6.0) | default | [link](./experimental-4.6.0-default-report.yaml) | | experimental | [v4.7.0](https://github.com/airlock/microgateway/releases/tag/4.7.0) | default | [link](./experimental-4.7.0-default-report.yaml) | +| standard | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./standard-4.8.0-default-report.yaml) | ## Reproduce @@ -14,7 +15,7 @@ The Airlock Microgateway conformance report can be reproduced by following the s > [!NOTE] > The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. > Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. -> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. > > The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. > Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. diff --git a/conformance/reports/v1.3.0/airlock-microgateway/standard-4.8.0-default-report.yaml b/conformance/reports/v1.3.0/airlock-microgateway/standard-4.8.0-default-report.yaml new file mode 100644 index 0000000000..9e0ee4b5c7 --- /dev/null +++ b/conformance/reports/v1.3.0/airlock-microgateway/standard-4.8.0-default-report.yaml @@ -0,0 +1,55 @@ +apiVersion: gateway.networking.k8s.io/v1 +date: "2025-11-26T14:32:24Z" +gatewayAPIChannel: standard +gatewayAPIVersion: v1.3.0 +implementation: + contact: + - https://www.airlock.com/en/contact + organization: airlock + project: microgateway + url: https://github.com/airlock/microgateway + version: 4.8.0 +kind: ConformanceReport +mode: default +profiles: +- core: + result: success + statistics: + Failed: 0 + Passed: 33 + Skipped: 0 + extended: + result: success + statistics: + Failed: 0 + Passed: 19 + Skipped: 0 + supportedFeatures: + - GatewayHTTPListenerIsolation + - GatewayInfrastructurePropagation + - GatewayPort8080 + - HTTPRouteBackendProtocolH2C + - HTTPRouteBackendProtocolWebSocket + - HTTPRouteBackendTimeout + - HTTPRouteDestinationPortMatching + - HTTPRouteHostRewrite + - HTTPRouteMethodMatching + - HTTPRouteParentRefPort + - HTTPRoutePathRedirect + - HTTPRoutePathRewrite + - HTTPRoutePortRedirect + - HTTPRouteQueryParamMatching + - HTTPRouteRequestTimeout + - HTTPRouteResponseHeaderModification + - HTTPRouteSchemeRedirect + unsupportedFeatures: + - GatewayAddressEmpty + - GatewayStaticAddresses + - HTTPRouteBackendRequestHeaderModification + - HTTPRouteRequestMirror + - HTTPRouteRequestMultipleMirrors + - HTTPRouteRequestPercentageMirror + name: GATEWAY-HTTP + summary: Core tests succeeded. Extended tests succeeded. +succeededProvisionalTests: +- GatewayInfrastructure diff --git a/conformance/reports/v1.4.0/airlock-microgateway/README.md b/conformance/reports/v1.4.0/airlock-microgateway/README.md index 6357792674..daa92eb9a0 100644 --- a/conformance/reports/v1.4.0/airlock-microgateway/README.md +++ b/conformance/reports/v1.4.0/airlock-microgateway/README.md @@ -4,7 +4,7 @@ | API channel | Implementation version | Mode | Report | |--------------|----------------------------------------------------------------------|---------|--------------------------------------------------| -| experimental | [v4.8.0-alpha1](https://github.com/airlock/microgateway/releases/tag/4.8.0-alpha1) | default | [link](./experimental-4.8.0-alpha1-default-report.yaml) | +| experimental | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./experimental-4.8.0-default-report.yaml) | ## Reproduce @@ -13,8 +13,8 @@ The Airlock Microgateway conformance report can be reproduced by following the s > [!NOTE] > The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. > Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. -> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. -> +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> > The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. > Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. > Regardless of whether request header filtering is enabled or disabled, header-based routing works as specified in the Gateway API, as the headers are only filtered before the request is forwarded to the upstream. diff --git a/conformance/reports/v1.4.0/airlock-microgateway/experimental-4.8.0-alpha1-default-report.yaml b/conformance/reports/v1.4.0/airlock-microgateway/experimental-4.8.0-default-report.yaml similarity index 92% rename from conformance/reports/v1.4.0/airlock-microgateway/experimental-4.8.0-alpha1-default-report.yaml rename to conformance/reports/v1.4.0/airlock-microgateway/experimental-4.8.0-default-report.yaml index e99db91d20..3150cd3897 100644 --- a/conformance/reports/v1.4.0/airlock-microgateway/experimental-4.8.0-alpha1-default-report.yaml +++ b/conformance/reports/v1.4.0/airlock-microgateway/experimental-4.8.0-default-report.yaml @@ -1,5 +1,5 @@ apiVersion: gateway.networking.k8s.io/v1 -date: "2025-10-29T09:40:20Z" +date: "2025-11-26T14:33:12Z" gatewayAPIChannel: experimental gatewayAPIVersion: v1.4.0 implementation: @@ -8,7 +8,7 @@ implementation: organization: airlock project: microgateway url: https://github.com/airlock/microgateway - version: 4.8.0-alpha1 + version: 4.8.0 kind: ConformanceReport mode: default profiles: @@ -22,9 +22,12 @@ profiles: result: success statistics: Failed: 0 - Passed: 20 + Passed: 27 Skipped: 0 supportedFeatures: + - BackendTLSPolicy + - BackendTLSPolicySANValidation + - GatewayHTTPListenerIsolation - GatewayInfrastructurePropagation - GatewayPort8080 - HTTPRouteBackendProtocolH2C @@ -45,7 +48,6 @@ profiles: - HTTPRouteSchemeRedirect unsupportedFeatures: - GatewayAddressEmpty - - GatewayHTTPListenerIsolation - GatewayStaticAddresses - HTTPRouteBackendRequestHeaderModification - HTTPRouteRequestMirror From 97ee6e0447c17c7a11f3fd8ff1358ef08e2aa405 Mon Sep 17 00:00:00 2001 From: Roman Willi Date: Thu, 4 Dec 2025 13:46:57 +0100 Subject: [PATCH 2/2] conformance: Add Airlock Microgateway 4.8.0 report for v1.4.1 --- .../v1.4.1/airlock-microgateway/README.md | 20 +++++++ .../experimental-4.8.0-default-report.yaml | 60 +++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 conformance/reports/v1.4.1/airlock-microgateway/README.md create mode 100644 conformance/reports/v1.4.1/airlock-microgateway/experimental-4.8.0-default-report.yaml diff --git a/conformance/reports/v1.4.1/airlock-microgateway/README.md b/conformance/reports/v1.4.1/airlock-microgateway/README.md new file mode 100644 index 0000000000..daa92eb9a0 --- /dev/null +++ b/conformance/reports/v1.4.1/airlock-microgateway/README.md @@ -0,0 +1,20 @@ +# Airlock Microgateway + +## Table of contents + +| API channel | Implementation version | Mode | Report | +|--------------|----------------------------------------------------------------------|---------|--------------------------------------------------| +| experimental | [v4.8.0](https://github.com/airlock/microgateway/releases/tag/4.8.0) | default | [link](./experimental-4.8.0-default-report.yaml) | + +## Reproduce + +The Airlock Microgateway conformance report can be reproduced by following the steps in the [Gateway API conformance guide](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/conformance.md) on GitHub. + +> [!NOTE] +> The `HTTPRouteWeight` test fires 10 concurrent request to 3 backends totaling in 500 requests to assert a distribution that matches the configured weight. +> Please be aware that this test exceeds the [5 req/sec rate-limit](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000056) enforced in the [community edition](https://www.airlock.com/en/secure-access-hub/components/microgateway/community-edition) , causing the test to fail. +> To successfully pass this test a [premium license](https://www.airlock.com/en/secure-access-hub/components/microgateway/premium-edition) is required. +> +> The Airlock Microgateway drops all request headers except for a well-known built-in standard and tracing headers list (e.g., Accept, Cookie, X-CSRF-TOKEN) to reduce the attack surface. +> Therefore, to run the conformance tests, a `ContentSecurityPolicy` with a `HeaderRewrites` (see [`conformance-report.yaml`](https://github.com/airlock/microgateway/tree/main/gateway-api/conformance/manifests/conformance-report.yaml)) is required to disable request header filtering for all `HTTPRoute` tests relying on the `MakeRequestAndExpectEventuallyConsistentResponse` assertion. +> Regardless of whether request header filtering is enabled or disabled, header-based routing works as specified in the Gateway API, as the headers are only filtered before the request is forwarded to the upstream. diff --git a/conformance/reports/v1.4.1/airlock-microgateway/experimental-4.8.0-default-report.yaml b/conformance/reports/v1.4.1/airlock-microgateway/experimental-4.8.0-default-report.yaml new file mode 100644 index 0000000000..9ce87608a9 --- /dev/null +++ b/conformance/reports/v1.4.1/airlock-microgateway/experimental-4.8.0-default-report.yaml @@ -0,0 +1,60 @@ +apiVersion: gateway.networking.k8s.io/v1 +date: "2025-12-04T12:11:06Z" +gatewayAPIChannel: experimental +gatewayAPIVersion: v1.4.1 +implementation: + contact: + - https://www.airlock.com/en/contact + organization: airlock + project: microgateway + url: https://github.com/airlock/microgateway + version: 4.8.0 +kind: ConformanceReport +mode: default +profiles: +- core: + result: success + statistics: + Failed: 0 + Passed: 33 + Skipped: 0 + extended: + result: success + statistics: + Failed: 0 + Passed: 27 + Skipped: 0 + supportedFeatures: + - BackendTLSPolicy + - BackendTLSPolicySANValidation + - GatewayHTTPListenerIsolation + - GatewayInfrastructurePropagation + - GatewayPort8080 + - HTTPRouteBackendProtocolH2C + - HTTPRouteBackendProtocolWebSocket + - HTTPRouteBackendTimeout + - HTTPRouteCORS + - HTTPRouteDestinationPortMatching + - HTTPRouteHostRewrite + - HTTPRouteMethodMatching + - HTTPRouteNamedRouteRule + - HTTPRouteParentRefPort + - HTTPRoutePathRedirect + - HTTPRoutePathRewrite + - HTTPRoutePortRedirect + - HTTPRouteQueryParamMatching + - HTTPRouteRequestTimeout + - HTTPRouteResponseHeaderModification + - HTTPRouteSchemeRedirect + unsupportedFeatures: + - GatewayAddressEmpty + - GatewayStaticAddresses + - HTTPRouteBackendRequestHeaderModification + - HTTPRouteRequestMirror + - HTTPRouteRequestMultipleMirrors + - HTTPRouteRequestPercentageMirror + name: GATEWAY-HTTP + summary: Core tests succeeded. Extended tests succeeded. +succeededProvisionalTests: +- GatewayInfrastructure +- HTTPRouteNamedRule