From ae78552ae4940ed0fc350c8e08a797c76a9ba150 Mon Sep 17 00:00:00 2001
From: Lukasz Dziedziak <lukidzi@gmail.com>
Date: Thu, 14 Nov 2024 17:57:11 +0100
Subject: [PATCH] fix(meshtimeout): don't set default timeouts on inbound
 cluster and listener (#12043)

We noticed that when a user upgrades to version 2.9.x without a default
MeshTimeout/Timeout policy, default timeouts are applied on inbound
clusters and listeners. This could disrupt the existing behavior of the
environment.

When no policy is present, we simply skip configuration and do not set
up the timeouts for inbound cluster or listener.

Fix https://github.com/kumahq/kuma/issues/12033

<!--
> Changelog: skip
-->
<!--
Uncomment the above section to explicitly set a [`> Changelog:` entry
here](https://github.com/kumahq/kuma/blob/master/CONTRIBUTING.md#submitting-a-patch)?
-->

---------

Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
---
 ...thout_defaults_inbound_cluster.golden.yaml |  1 +
 ...hout_defaults_inbound_listener.golden.yaml | 32 +++++++++++++++++++
 .../meshtimeout/plugin/v1alpha1/plugin.go     |  7 ++++
 .../plugin/v1alpha1/plugin_test.go            | 24 ++++++++++++++
 4 files changed, 64 insertions(+)
 create mode 100644 pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml
 create mode 100644 pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml

diff --git a/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml
new file mode 100644
index 000000000000..21bbf819ffa4
--- /dev/null
+++ b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml
@@ -0,0 +1 @@
+name: localhost:8080
diff --git a/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml
new file mode 100644
index 000000000000..40e713880159
--- /dev/null
+++ b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml
@@ -0,0 +1,32 @@
+address:
+  socketAddress:
+    address: 127.0.0.1
+    portValue: 80
+enableReusePort: false
+filterChains:
+- filters:
+  - name: envoy.filters.network.http_connection_manager
+    typedConfig:
+      '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+      httpFilters:
+      - name: envoy.filters.http.router
+        typedConfig:
+          '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+      routeConfig:
+        name: inbound:backend
+        requestHeadersToRemove:
+        - x-kuma-tags
+        validateClusters: false
+        virtualHosts:
+        - domains:
+          - '*'
+          name: backend
+          routes:
+          - match:
+              prefix: /
+            route:
+              cluster: backend
+              timeout: 0s
+      statPrefix: inbound_127_0_0_1_80
+name: inbound:127.0.0.1:80
+trafficDirection: INBOUND
diff --git a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go
index 122bf8beac35..ebb10b358af4 100644
--- a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go
+++ b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go
@@ -83,6 +83,13 @@ func applyToInbounds(fromRules core_rules.FromRules, inboundListeners map[core_r
 		}
 
 		protocol := core_mesh.ParseProtocol(inbound.GetProtocol())
+<<<<<<< HEAD
+=======
+		conf := getConf(fromRules.Rules[listenerKey], core_rules.MeshSubset())
+		if conf == nil {
+			continue
+		}
+>>>>>>> 844c9881c (fix(meshtimeout): don't set default timeouts on inbound cluster and listener (#12043))
 		configurer := plugin_xds.ListenerConfigurer{
 			Rules:    fromRules.Rules[listenerKey],
 			Subset:   core_rules.MeshSubset(),
diff --git a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go
index 377350731e29..4e2573051f93 100644
--- a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go
+++ b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go
@@ -210,6 +210,30 @@ var _ = Describe("MeshTimeout", func() {
 			expectedClusters:  []string{"basic_inbound_cluster.golden.yaml"},
 			expectedListeners: []string{"basic_inbound_listener.golden.yaml"},
 		}),
+		Entry("basic inbound route without defaults", sidecarTestCase{
+			resources: []core_xds.Resource{
+				{
+					Name:     "inbound",
+					Origin:   generator.OriginInbound,
+					Resource: httpInboundListenerWith(),
+				},
+				{
+					Name:     "inbound",
+					Origin:   generator.OriginInbound,
+					Resource: test_xds.ClusterWithName(fmt.Sprintf("localhost:%d", builders.FirstInboundServicePort)),
+				},
+			},
+			fromRules: core_rules.FromRules{
+				Rules: map[core_rules.InboundListener]core_rules.Rules{
+					{
+						Address: "127.0.0.1",
+						Port:    80,
+					}: []*core_rules.Rule{},
+				},
+			},
+			expectedClusters:  []string{"basic_without_defaults_inbound_cluster.golden.yaml"},
+			expectedListeners: []string{"basic_without_defaults_inbound_listener.golden.yaml"},
+		}),
 		Entry("outbound with defaults when http conf missing", sidecarTestCase{
 			resources: []core_xds.Resource{
 				{