Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gateway-api: fix wildcard matching #4124

Merged
merged 2 commits into from
Dec 23, 2023
Merged

gateway-api: fix wildcard matching #4124

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5da9393
gateway-api: upgrade from v0.7.1 to v1.0.0
abursavich Nov 3, 2023
a50a4f9
gateway-api: make wildcards suffix matchers (e.g. match multiple labels)
abursavich Dec 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
99 changes: 75 additions & 24 deletions source/gateway.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package source
import (
"context"
"fmt"
"net/netip"
"sort"
"strings"
"text/template"
Expand Down Expand Up @@ -486,39 +487,89 @@ func gwProtocolMatches(a, b v1.ProtocolType) bool {
}

// gwMatchingHost returns the most-specific overlapping host and a bool indicating if one was found.
// For example, if one host is "*.foo.com" and the other is "bar.foo.com", "bar.foo.com" will be returned.
// An empty string matches anything.
func gwMatchingHost(gwHost, rtHost string) (string, bool) {
gwHost = toLowerCaseASCII(gwHost) // TODO: trim "." suffix?
rtHost = toLowerCaseASCII(rtHost) // TODO: trim "." suffix?
// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match.
// That means that "*.example.com" would match both "test.example.com" and "foo.test.example.com",
// but not "example.com". An empty string matches anything.
func gwMatchingHost(a, b string) (string, bool) {
var ok bool
if a, ok = gwHost(a); !ok {
return "", false
}
if b, ok = gwHost(b); !ok {
return "", false
}

if gwHost == "" {
return rtHost, true
if a == "" {
return b, true
}
if rtHost == "" {
return gwHost, true
if b == "" || a == b {
return a, true
}
if na, nb := len(a), len(b); nb < na || (na == nb && strings.HasPrefix(b, "*.")) {
a, b = b, a
}
if strings.HasPrefix(a, "*.") && strings.HasSuffix(b, a[1:]) {
return b, true
}
return "", false
}

gwParts := strings.Split(gwHost, ".")
rtParts := strings.Split(rtHost, ".")
if len(gwParts) != len(rtParts) {
// gwHost returns the canonical host and a value indicating if it's valid.
func gwHost(host string) (string, bool) {
if host == "" {
return "", true
}
if isIPAddr(host) || !isDNS1123Domain(strings.TrimPrefix(host, "*.")) {
return "", false
}
return toLowerCaseASCII(host), true
}

// isIPAddr returns whether s in an IP address.
func isIPAddr(s string) bool {
_, err := netip.ParseAddr(s)
return err == nil
}

host := rtHost
for i, gwPart := range gwParts {
switch rtPart := rtParts[i]; {
case rtPart == gwPart:
// continue
case i == 0 && gwPart == "*":
// continue
case i == 0 && rtPart == "*":
host = gwHost // gwHost is more specific
default:
return "", false
// isDNS1123Domain returns whether s is a valid domain name according to RFC 1123.
func isDNS1123Domain(s string) bool {
if n := len(s); n == 0 || n > 255 {
return false
}
for lbl, rest := "", s; rest != ""; {
if lbl, rest, _ = strings.Cut(rest, "."); !isDNS1123Label(lbl) {
return false
}
}
return host, true
return true
}

// isDNS1123Label returns whether s is a valid domain label according to RFC 1123.
func isDNS1123Label(s string) bool {
n := len(s)
if n == 0 || n > 63 {
return false
}
if !isAlphaNum(s[0]) || !isAlphaNum(s[n-1]) {
return false
}
for i, k := 1, n-1; i < k; i++ {
if b := s[i]; b != '-' && !isAlphaNum(b) {
return false
}
}
return true
}

func isAlphaNum(b byte) bool {
switch {
case 'a' <= b && b <= 'z',
'A' <= b && b <= 'Z',
'0' <= b && b <= '9':
return true
default:
return false
}
}

func strVal(ptr *string, def string) string {
Expand Down
7 changes: 3 additions & 4 deletions source/gateway_grpcroute_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ import (
"sigs.k8s.io/external-dns/endpoint"
v1 "sigs.k8s.io/gateway-api/apis/v1"
"sigs.k8s.io/gateway-api/apis/v1alpha2"
"sigs.k8s.io/gateway-api/apis/v1beta1"
gatewayfake "sigs.k8s.io/gateway-api/pkg/client/clientset/versioned/fake"
)

Expand Down Expand Up @@ -55,7 +54,7 @@ func TestGatewayGRPCRouteSourceEndpoints(t *testing.T) {
Name: "internal",
Namespace: "default",
},
Spec: v1beta1.GatewaySpec{
Spec: v1.GatewaySpec{
Listeners: []v1.Listener{{
Protocol: v1.HTTPSProtocolType,
}},
Expand All @@ -74,10 +73,10 @@ func TestGatewayGRPCRouteSourceEndpoints(t *testing.T) {
},
},
Spec: v1alpha2.GRPCRouteSpec{
Hostnames: []v1alpha2.Hostname{"api-hostnames.foobar.internal"},
Hostnames: []v1.Hostname{"api-hostnames.foobar.internal"},
},
Status: v1alpha2.GRPCRouteStatus{
RouteStatus: v1a2RouteStatus(v1a2ParentRef("default", "internal")),
RouteStatus: gwRouteStatus(gwParentRef("default", "internal")),
},
}
_, err = gwClient.GatewayV1alpha2().GRPCRoutes(rt.Namespace).Create(ctx, rt, metav1.CreateOptions{})
Expand Down