Control Plane Tracing

[crstrn13]

Operator Span Metadata & Content

• test_operator_traces_include_policy_context

  • Validates policy metadata in spans:
    • policy.name
    • policy.namespace
    • policy.kind (AuthPolicy/RateLimitPolicy)
    • policy.uid

• test_operator_spans_include_reconciliation_details

  • Validates reconciliation context:
    • event_kinds (what resources triggered reconciliation)
    • event_count
    • Reconciliation result (success/error status)

• test_operator_traces_show_child_resource_creation

  • Parametrized test for AuthPolicy and RateLimitPolicy
  • Validates sub-operation spans:
    • reconciler.auth_configs (AuthPolicy)
    • reconciler.limitador_limits (RateLimitPolicy)
    • reconciler.istio_auth_cluster / reconciler.istio_ratelimit_cluster
    • WASM plugin configuration spans

Control-Plane to Data-Plane Correlation

• test_correlate_policy_enforcement_with_data_plane_traces

  • Correlates control plane and data plane traces
  • Validates policy reference in both:
    • Control plane: source_policies tag
    • Data plane: sources tag
  • Confirms same policy name appears in both traces

• test_policy_validation_spans_show_success_or_failure

  • Validates policy validation spans
  • Checks for success indicators in logs and status
  • Confirms validation happens during reconciliation

• test_policy_update_generates_new_reconciliation_trace

  • Validates policy updates trigger new reconciliation traces
  • Verifies update traces are distinguishable from creation traces
  • Confirms multiple reconciliation events are traceable
  • Enables debugging "why isn't my update working?"

• test_invalid_policy_validation_failure_traced

  • Validates invalid policies generate traces
  • Checks for error indicators in spans and logs
  • Verifies validation failures are observable
  • Enables debugging "why was my policy rejected?"