Add dp-validator wasm-wasi based validation by Frostman · Pull Request #1381 · githedgehog/fabric

Frostman · 2026-03-26T17:06:18Z

No description provided.

Copilot

Pull request overview

Adds an optional “dataplane validator” that is downloaded from an OCI registry and intended to be executed as a WASM/WASI module during Gateway admission validation.

Changes:

Injects a GatewayValidator into the Gateway webhook and runs it during create/update validation.
Introduces GatewayValidator that downloads validator.wasm via ORAS and compiles it with wazero.
Refactors Gateway reconciler logic to build a GatewayAgent via a new helper and adds retry signaling.

Reviewed changes

Copilot reviewed 8 out of 366 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
pkg/ctrl/gateway_wh.go	Wires a `GatewayValidator` into Gateway admission create/update flows.
pkg/ctrl/gateway_valid.go	New WASM validator loader using ORAS + wazero runtime/module compilation.
pkg/ctrl/gateway_ctrl.go	Refactors GatewayAgent building into `BuildGatewayAgent` with retry behavior.
cmd/main.go	Initializes `GatewayValidator`, passes it to webhook, switches to ctx-driven lifecycle.
api/meta/types.go	Adds `DataplaneValidatorRef` config field.
config/manager/manager.yaml	Mounts a docker-config secret for ORAS credential resolution.
go.mod	Adds wazero dependency for WASM runtime.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

github-actions · 2026-03-26T17:14:25Z

🚀 Temp artifacts published: v0-b67d6f500 🚀

github-actions · 2026-03-31T18:30:34Z

🚀 Temp artifacts published: v0-e1afa5094 🚀

github-actions · 2026-04-09T19:17:46Z

🚀 Temp artifacts published: v0-1d83a784b 🚀

github-actions · 2026-04-09T20:06:31Z

🚀 Temp artifacts published: v0-27de1ba1a 🚀

Copilot

Pull request overview

Copilot reviewed 11 out of 369 changed files in this pull request and generated 8 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

github-actions · 2026-04-09T23:10:50Z

🚀 Temp artifacts published: v0-b0e88b5d6 🚀

github-actions · 2026-04-09T23:29:52Z

🚀 Temp artifacts published: v0-b0e88b5d6 🚀

github-actions · 2026-04-13T15:57:05Z

🚀 Temp artifacts published: v0-4a96f5b97 🚀

Copilot

Pull request overview

Copilot reviewed 11 out of 369 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot

Pull request overview

Copilot reviewed 11 out of 369 changed files in this pull request and generated 7 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

github-actions · 2026-04-13T22:01:51Z

🚀 Temp artifacts published: v0-b14b7dee6 🚀

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

github-actions · 2026-04-14T15:07:56Z

🚀 Temp artifacts published: v0-d417ce769 🚀

Copilot AI review requested due to automatic review settings March 26, 2026 17:06

Frostman requested review from a team as code owners March 26, 2026 17:06

Copilot AI reviewed Mar 26, 2026

View reviewed changes

Frostman marked this pull request as draft March 26, 2026 17:09

Frostman force-pushed the dev/frostman/gw-valid branch from e1afa50 to 1d83a78 Compare April 9, 2026 19:11

Frostman requested a review from Copilot April 9, 2026 21:21

Copilot AI reviewed Apr 9, 2026

View reviewed changes

Frostman force-pushed the dev/frostman/gw-valid branch from 27de1ba to b0e88b5 Compare April 9, 2026 23:06

Frostman added the ci:+release Enable VLAB release tests label Apr 9, 2026

Frostman force-pushed the dev/frostman/gw-valid branch from b0e88b5 to 4a96f5b Compare April 13, 2026 15:50

Frostman requested a review from Copilot April 13, 2026 16:30

Copilot AI reviewed Apr 13, 2026

View reviewed changes

Comment thread pkg/ctrl/gateway_valid.go Outdated

Comment thread pkg/ctrl/gateway_valid.go

Comment thread pkg/ctrl/gateway_valid.go

Comment thread pkg/ctrl/gateway_ctrl.go

Frostman force-pushed the dev/frostman/gw-valid branch from 4a96f5b to 6a5688d Compare April 13, 2026 21:20

Frostman requested a review from Copilot April 13, 2026 21:27

Frostman marked this pull request as ready for review April 13, 2026 21:27

Copilot AI reviewed Apr 13, 2026

View reviewed changes

Comment thread pkg/ctrl/gateway_valid.go

Comment thread pkg/ctrl/gateway_valid.go

Comment thread pkg/ctrl/gateway_valid.go

Comment thread pkg/ctrl/gateway_ctrl.go

Comment thread pkg/ctrl/gateway_ctrl.go

Comment thread config/manager/manager.yaml

Comment thread config/manager/manager.yaml

Frostman force-pushed the dev/frostman/gw-valid branch from db2bcfd to b14b7de Compare April 13, 2026 21:56

Frostman added 3 commits April 14, 2026 08:01

chore: refactor building gwag into a re-usable function

bb3145b

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

feat: load dataplane-validator wasm-wasip1 if available

c6528d1

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

chore: only load dp validator if gw is enabled

26cbd21

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

Frostman added 7 commits April 14, 2026 08:01

chore: temp use dev/frostman/gw-valid fab branch with validator ref

5483582

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

feat(api): gateway validation now includes dp-validator

dfbda16

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

fix: pass fabric cfg to vpcinfo and gwgr webhooks

8763a76

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

feat(api): add gwpeer validation using dp-valid

0e78b85

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

chore: slightly harden dp-valid usage and make it mandatory

10b8fd0

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

fix: pass fabric cfg to gw peer validation

0e4f804

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

fix: properly handle dp-valid when gw is not enabled

d417ce7

Signed-off-by: Sergei Lukianov <me@slukjanov.name>

Frostman force-pushed the dev/frostman/gw-valid branch from b14b7de to d417ce7 Compare April 14, 2026 15:01

Frostman merged commit 87a60c2 into master Apr 14, 2026
17 checks passed

Frostman deleted the dev/frostman/gw-valid branch April 14, 2026 17:19

Conversation

Frostman commented Mar 26, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented Mar 26, 2026

Uh oh!

github-actions Bot commented Mar 31, 2026

Uh oh!

github-actions Bot commented Apr 9, 2026

Uh oh!

github-actions Bot commented Apr 9, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented Apr 9, 2026

Uh oh!

github-actions Bot commented Apr 9, 2026

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented Apr 13, 2026

Uh oh!

github-actions Bot commented Apr 14, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants