xds: support wildcard domain matching for RDS response (#3397)
This commit is contained in:
Menghan Li
@ -24,6 +24,7 @@ import (
|
||||
"strings"
|
||||
|
||||
xdspb "github.com/envoyproxy/go-control-plane/envoy/api/v2"
|
||||
routepb "github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
)
|
||||
|
||||
@ -116,27 +117,27 @@ func getClusterFromRouteConfiguration(rc *xdspb.RouteConfiguration, target strin
|
||||
//
|
||||
// For logging purposes, we can log in line. But if we want to populate
|
||||
// error details for nack, a detailed error needs to be returned.
|
||||
|
||||
host, err := hostFromTarget(target)
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
for _, vh := range rc.GetVirtualHosts() {
|
||||
for _, domain := range vh.GetDomains() {
|
||||
// TODO: Add support for wildcard matching here?
|
||||
if domain != host || len(vh.GetRoutes()) == 0 {
|
||||
continue
|
||||
}
|
||||
dr := vh.Routes[len(vh.Routes)-1]
|
||||
if match := dr.GetMatch(); match == nil || match.GetPrefix() != "" {
|
||||
continue
|
||||
}
|
||||
route := dr.GetRoute()
|
||||
if route == nil {
|
||||
continue
|
||||
}
|
||||
return route.GetCluster()
|
||||
}
|
||||
vh := findBestMatchingVirtualHost(host, rc.GetVirtualHosts())
|
||||
if vh == nil {
|
||||
// No matching virtual host found.
|
||||
return ""
|
||||
}
|
||||
if len(vh.Routes) == 0 {
|
||||
// The matched virtual host has no routes, this is invalid because there
|
||||
// should be at least one default route.
|
||||
return ""
|
||||
}
|
||||
dr := vh.Routes[len(vh.Routes)-1]
|
||||
if match := dr.GetMatch(); match == nil || match.GetPrefix() != "" {
|
||||
// The matched virtual host is invalid.
|
||||
return ""
|
||||
}
|
||||
if route := dr.GetRoute(); route != nil {
|
||||
return route.GetCluster()
|
||||
}
|
||||
return ""
|
||||
}
|
||||
@ -155,3 +156,97 @@ func hostFromTarget(target string) (string, error) {
|
||||
}
|
||||
return h, nil
|
||||
}
|
||||
|
||||
type domainMatchType int
|
||||
|
||||
const (
|
||||
domainMatchTypeInvalid domainMatchType = iota
|
||||
domainMatchTypeUniversal
|
||||
domainMatchTypePrefix
|
||||
domainMatchTypeSuffix
|
||||
domainMatchTypeExact
|
||||
)
|
||||
|
||||
// Exact > Suffix > Prefix > Universal > Invalid.
|
||||
func (t domainMatchType) betterThan(b domainMatchType) bool {
|
||||
return t > b
|
||||
}
|
||||
|
||||
func matchTypeForDomain(d string) domainMatchType {
|
||||
if d == "" {
|
||||
return domainMatchTypeInvalid
|
||||
}
|
||||
if d == "*" {
|
||||
return domainMatchTypeUniversal
|
||||
}
|
||||
if strings.HasPrefix(d, "*") {
|
||||
return domainMatchTypeSuffix
|
||||
}
|
||||
if strings.HasSuffix(d, "*") {
|
||||
return domainMatchTypePrefix
|
||||
}
|
||||
if strings.Contains(d, "*") {
|
||||
return domainMatchTypeInvalid
|
||||
}
|
||||
return domainMatchTypeExact
|
||||
}
|
||||
|
||||
func match(domain, host string) (domainMatchType, bool) {
|
||||
switch typ := matchTypeForDomain(domain); typ {
|
||||
case domainMatchTypeInvalid:
|
||||
return typ, false
|
||||
case domainMatchTypeUniversal:
|
||||
return typ, true
|
||||
case domainMatchTypePrefix:
|
||||
// abc.*
|
||||
return typ, strings.HasPrefix(host, strings.TrimSuffix(domain, "*"))
|
||||
case domainMatchTypeSuffix:
|
||||
// *.123
|
||||
return typ, strings.HasSuffix(host, strings.TrimPrefix(domain, "*"))
|
||||
case domainMatchTypeExact:
|
||||
return typ, domain == host
|
||||
default:
|
||||
return domainMatchTypeInvalid, false
|
||||
}
|
||||
}
|
||||
|
||||
// findBestMatchingVirtualHost returns the virtual host whose domains field best
|
||||
// matches host
|
||||
//
|
||||
// The domains field support 4 different matching pattern types:
|
||||
// - Exact match
|
||||
// - Suffix match (e.g. “*ABC”)
|
||||
// - Prefix match (e.g. “ABC*)
|
||||
// - Universal match (e.g. “*”)
|
||||
//
|
||||
// The best match is defined as:
|
||||
// - A match is better if it’s matching pattern type is better
|
||||
// - Exact match > suffix match > prefix match > universal match
|
||||
// - If two matches are of the same pattern type, the longer match is better
|
||||
// - This is to compare the length of the matching pattern, e.g. “*ABCDE” >
|
||||
// “*ABC”
|
||||
func findBestMatchingVirtualHost(host string, vHosts []*routepb.VirtualHost) *routepb.VirtualHost {
|
||||
var (
|
||||
matchVh *routepb.VirtualHost
|
||||
matchType = domainMatchTypeInvalid
|
||||
matchLen int
|
||||
)
|
||||
for _, vh := range vHosts {
|
||||
for _, domain := range vh.GetDomains() {
|
||||
typ, matched := match(domain, host)
|
||||
if typ == domainMatchTypeInvalid {
|
||||
// The rds response is invalid.
|
||||
return nil
|
||||
}
|
||||
if matchType.betterThan(typ) || matchType == typ && matchLen >= len(domain) || !matched {
|
||||
// The previous match has better type, or the previous match has
|
||||
// better length, or this domain isn't a match.
|
||||
continue
|
||||
}
|
||||
matchVh = vh
|
||||
matchType = typ
|
||||
matchLen = len(domain)
|
||||
}
|
||||
}
|
||||
return matchVh
|
||||
}
|
||||
|
||||
@ -500,3 +500,105 @@ func (s) TestHostFromTarget(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestMatchTypeForDomain(t *testing.T) {
|
||||
tests := []struct {
|
||||
d string
|
||||
want domainMatchType
|
||||
}{
|
||||
{d: "", want: domainMatchTypeInvalid},
|
||||
{d: "*", want: domainMatchTypeUniversal},
|
||||
{d: "bar.*", want: domainMatchTypePrefix},
|
||||
{d: "*.abc.com", want: domainMatchTypeSuffix},
|
||||
{d: "foo.bar.com", want: domainMatchTypeExact},
|
||||
{d: "foo.*.com", want: domainMatchTypeInvalid},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
if got := matchTypeForDomain(tt.d); got != tt.want {
|
||||
t.Errorf("matchTypeForDomain(%q) = %v, want %v", tt.d, got, tt.want)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestMatch(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
domain string
|
||||
host string
|
||||
wantTyp domainMatchType
|
||||
wantMatched bool
|
||||
}{
|
||||
{name: "invalid-empty", domain: "", host: "", wantTyp: domainMatchTypeInvalid, wantMatched: false},
|
||||
{name: "invalid", domain: "a.*.b", host: "", wantTyp: domainMatchTypeInvalid, wantMatched: false},
|
||||
{name: "universal", domain: "*", host: "abc.com", wantTyp: domainMatchTypeUniversal, wantMatched: true},
|
||||
{name: "prefix-match", domain: "abc.*", host: "abc.123", wantTyp: domainMatchTypePrefix, wantMatched: true},
|
||||
{name: "prefix-no-match", domain: "abc.*", host: "abcd.123", wantTyp: domainMatchTypePrefix, wantMatched: false},
|
||||
{name: "suffix-match", domain: "*.123", host: "abc.123", wantTyp: domainMatchTypeSuffix, wantMatched: true},
|
||||
{name: "suffix-no-match", domain: "*.123", host: "abc.1234", wantTyp: domainMatchTypeSuffix, wantMatched: false},
|
||||
{name: "exact-match", domain: "foo.bar", host: "foo.bar", wantTyp: domainMatchTypeExact, wantMatched: true},
|
||||
{name: "exact-no-match", domain: "foo.bar.com", host: "foo.bar", wantTyp: domainMatchTypeExact, wantMatched: false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if gotTyp, gotMatched := match(tt.domain, tt.host); gotTyp != tt.wantTyp || gotMatched != tt.wantMatched {
|
||||
t.Errorf("match() = %v, %v, want %v, %v", gotTyp, gotMatched, tt.wantTyp, tt.wantMatched)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestFindBestMatchingVirtualHost(t *testing.T) {
|
||||
var (
|
||||
oneExactMatch = &routepb.VirtualHost{
|
||||
Name: "one-exact-match",
|
||||
Domains: []string{"foo.bar.com"},
|
||||
}
|
||||
oneSuffixMatch = &routepb.VirtualHost{
|
||||
Name: "one-suffix-match",
|
||||
Domains: []string{"*.bar.com"},
|
||||
}
|
||||
onePrefixMatch = &routepb.VirtualHost{
|
||||
Name: "one-prefix-match",
|
||||
Domains: []string{"foo.bar.*"},
|
||||
}
|
||||
oneUniversalMatch = &routepb.VirtualHost{
|
||||
Name: "one-universal-match",
|
||||
Domains: []string{"*"},
|
||||
}
|
||||
longExactMatch = &routepb.VirtualHost{
|
||||
Name: "one-exact-match",
|
||||
Domains: []string{"v2.foo.bar.com"},
|
||||
}
|
||||
multipleMatch = &routepb.VirtualHost{
|
||||
Name: "multiple-match",
|
||||
Domains: []string{"pi.foo.bar.com", "314.*", "*.159"},
|
||||
}
|
||||
vhs = []*routepb.VirtualHost{oneExactMatch, oneSuffixMatch, onePrefixMatch, oneUniversalMatch, longExactMatch, multipleMatch}
|
||||
)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
host string
|
||||
vHosts []*routepb.VirtualHost
|
||||
want *routepb.VirtualHost
|
||||
}{
|
||||
{name: "exact-match", host: "foo.bar.com", vHosts: vhs, want: oneExactMatch},
|
||||
{name: "suffix-match", host: "123.bar.com", vHosts: vhs, want: oneSuffixMatch},
|
||||
{name: "prefix-match", host: "foo.bar.org", vHosts: vhs, want: onePrefixMatch},
|
||||
{name: "universal-match", host: "abc.123", vHosts: vhs, want: oneUniversalMatch},
|
||||
{name: "long-exact-match", host: "v2.foo.bar.com", vHosts: vhs, want: longExactMatch},
|
||||
// Matches suffix "*.bar.com" and exact "pi.foo.bar.com". Takes exact.
|
||||
{name: "multiple-match-exact", host: "pi.foo.bar.com", vHosts: vhs, want: multipleMatch},
|
||||
// Matches suffix "*.159" and prefix "foo.bar.*". Takes suffix.
|
||||
{name: "multiple-match-suffix", host: "foo.bar.159", vHosts: vhs, want: multipleMatch},
|
||||
// Matches suffix "*.bar.com" and prefix "314.*". Takes suffix.
|
||||
{name: "multiple-match-prefix", host: "314.bar.com", vHosts: vhs, want: oneSuffixMatch},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if got := findBestMatchingVirtualHost(tt.host, tt.vHosts); !reflect.DeepEqual(got, tt.want) {
|
||||
t.Errorf("findBestMatchingVirtualHost() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user