From 846ec6ba6971296a5dd1477681b685d41a95c11d Mon Sep 17 00:00:00 2001
From: Lukasz Dziedziak <lukidzi@gmail.com>
Date: Thu, 14 Nov 2024 17:57:11 +0100
Subject: [PATCH] fix(meshtimeout): don't set default timeouts on inbound
 cluster and listener (#12043)

We noticed that when a user upgrades to version 2.9.x without a default
MeshTimeout/Timeout policy, default timeouts are applied on inbound
clusters and listeners. This could disrupt the existing behavior of the
environment.

When no policy is present, we simply skip configuration and do not set
up the timeouts for inbound cluster or listener.

Fix https://github.com/kumahq/kuma/issues/12033

<!--
> Changelog: skip
-->
<!--
Uncomment the above section to explicitly set a [`> Changelog:` entry
here](https://github.com/kumahq/kuma/blob/master/CONTRIBUTING.md#submitting-a-patch)?
-->

---------

Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
---
 ...thout_defaults_inbound_cluster.golden.yaml |  1 +
 ...hout_defaults_inbound_listener.golden.yaml | 32 +++++++++++++++++++
 .../meshtimeout/plugin/v1alpha1/plugin.go     |  7 ++++
 .../plugin/v1alpha1/plugin_test.go            | 24 ++++++++++++++
 4 files changed, 64 insertions(+)
 create mode 100644 pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml
 create mode 100644 pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml

diff --git a/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml
new file mode 100644
index 000000000000..21bbf819ffa4
--- /dev/null
+++ b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_cluster.golden.yaml
@@ -0,0 +1 @@
+name: localhost:8080
diff --git a/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml
new file mode 100644
index 000000000000..40e713880159
--- /dev/null
+++ b/pkg/plugins/policies/meshtimeout/plugin/testdata/basic_without_defaults_inbound_listener.golden.yaml
@@ -0,0 +1,32 @@
+address:
+  socketAddress:
+    address: 127.0.0.1
+    portValue: 80
+enableReusePort: false
+filterChains:
+- filters:
+  - name: envoy.filters.network.http_connection_manager
+    typedConfig:
+      '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+      httpFilters:
+      - name: envoy.filters.http.router
+        typedConfig:
+          '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+      routeConfig:
+        name: inbound:backend
+        requestHeadersToRemove:
+        - x-kuma-tags
+        validateClusters: false
+        virtualHosts:
+        - domains:
+          - '*'
+          name: backend
+          routes:
+          - match:
+              prefix: /
+            route:
+              cluster: backend
+              timeout: 0s
+      statPrefix: inbound_127_0_0_1_80
+name: inbound:127.0.0.1:80
+trafficDirection: INBOUND
diff --git a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go
index 1d0b142e7282..7caafe6b7bd5 100644
--- a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go
+++ b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go
@@ -83,6 +83,13 @@ func applyToInbounds(fromRules core_rules.FromRules, inboundListeners map[core_r
 		}
 
 		protocol := core_mesh.ParseProtocol(inbound.GetProtocol())
+<<<<<<< HEAD
+=======
+		conf := getConf(fromRules.Rules[listenerKey], core_rules.MeshSubset())
+		if conf == nil {
+			continue
+		}
+>>>>>>> 844c9881c (fix(meshtimeout): don't set default timeouts on inbound cluster and listener (#12043))
 		configurer := plugin_xds.ListenerConfigurer{
 			Rules:    fromRules.Rules[listenerKey],
 			Subset:   core_rules.MeshSubset(),
diff --git a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go
index e855561af7b1..39c6d4488ef6 100644
--- a/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go
+++ b/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin_test.go
@@ -221,6 +221,30 @@ var _ = Describe("MeshTimeout", func() {
 			expectedClusters:  []string{"basic_inbound_cluster.golden.yaml"},
 			expectedListeners: []string{"basic_inbound_listener.golden.yaml"},
 		}),
+		Entry("basic inbound route without defaults", sidecarTestCase{
+			resources: []core_xds.Resource{
+				{
+					Name:     "inbound",
+					Origin:   generator.OriginInbound,
+					Resource: httpInboundListenerWith(),
+				},
+				{
+					Name:     "inbound",
+					Origin:   generator.OriginInbound,
+					Resource: test_xds.ClusterWithName(fmt.Sprintf("localhost:%d", builders.FirstInboundServicePort)),
+				},
+			},
+			fromRules: core_rules.FromRules{
+				Rules: map[core_rules.InboundListener]core_rules.Rules{
+					{
+						Address: "127.0.0.1",
+						Port:    80,
+					}: []*core_rules.Rule{},
+				},
+			},
+			expectedClusters:  []string{"basic_without_defaults_inbound_cluster.golden.yaml"},
+			expectedListeners: []string{"basic_without_defaults_inbound_listener.golden.yaml"},
+		}),
 		Entry("outbound with defaults when http conf missing", sidecarTestCase{
 			resources: []core_xds.Resource{
 				{