Fix haproxy router config manager issue where sanitize pems don't mat…

…ch when extended validation is enabled (causes a reload where none is needed). fixes bugz #1615802 o address review comments.
openshift · Aug 15, 2018 · 8773471 · 8773471
1 parent 80abd58
commit 8773471
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 2 deletions.
diff --git a/pkg/cmd/infra/router/template.go b/pkg/cmd/infra/router/template.go
@@ -468,6 +468,7 @@ func (o *TemplateRouterOptions) Run() error {
 			BlueprintRoutePoolSize: o.BlueprintRoutePoolSize,
 			MaxDynamicServers:      o.MaxDynamicServers,
 			WildcardRoutesAllowed:  o.AllowWildcardRoutes,
+			ExtendedValidation:     o.ExtendedValidation,
 		}
 		cfgManager = haproxyconfigmanager.NewHAProxyConfigManager(cmopts)
 		if len(o.BlueprintRouteNamespace) > 0 {

diff --git a/pkg/router/template/configmanager/haproxy/manager.go b/pkg/router/template/configmanager/haproxy/manager.go
@@ -15,6 +15,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	routeapi "github.com/openshift/origin/pkg/route/apis/route"
+	"github.com/openshift/origin/pkg/route/apis/route/validation"
 	templaterouter "github.com/openshift/origin/pkg/router/template"
 	templateutil "github.com/openshift/origin/pkg/router/template/util"
 )
@@ -119,6 +120,9 @@ type haproxyConfigManager struct {
 	// wildcardRoutesAllowed indicates if wildcard routes are allowed.
 	wildcardRoutesAllowed bool
 
+	// extendedValidation indicates if extended route validation is enabled.
+	extendedValidation bool
+
 	// router is the associated template router.
 	router templaterouter.RouterInterface
 
@@ -154,10 +158,11 @@ func NewHAProxyConfigManager(options templaterouter.ConfigManagerOptions) *hapro
 	return &haproxyConfigManager{
 		connectionInfo:         options.ConnectionInfo,
 		commitInterval:         options.CommitInterval,
-		blueprintRoutes:        buildBlueprintRoutes(options.BlueprintRoutes),
+		blueprintRoutes:        buildBlueprintRoutes(options.BlueprintRoutes, options.ExtendedValidation),
 		blueprintRoutePoolSize: options.BlueprintRoutePoolSize,
 		maxDynamicServers:      options.MaxDynamicServers,
 		wildcardRoutesAllowed:  options.WildcardRoutesAllowed,
+		extendedValidation:     options.ExtendedValidation,
 		defaultCertificate:     "",
 
 		client:           client,
@@ -199,6 +204,14 @@ func (cm *haproxyConfigManager) AddBlueprint(route *routeapi.Route) {
 	newRoute.Namespace = blueprintRoutePoolNamespace
 	newRoute.Spec.Host = ""
 
+	if cm.extendedValidation {
+		if err := validateBlueprintRoute(newRoute); err != nil {
+			glog.Errorf("Skipping blueprint route %s/%s due to invalid configuration: %v",
+				route.Namespace, route.Name, err)
+			return
+		}
+	}
+
 	cm.lock.Lock()
 	existingBlueprints := cm.blueprintRoutes
 	cm.lock.Unlock()
@@ -915,8 +928,18 @@ func (entry *routeBackendEntry) BuildMapAssociations(route *routeapi.Route) {
 	}
 }
 
+// validateBlueprintRoute runs extended validation on a blueprint route.
+func validateBlueprintRoute(route *routeapi.Route) error {
+	if errs := validation.ExtendedValidateRoute(route); len(errs) > 0 {
+		agg := errs.ToAggregate()
+		return fmt.Errorf(agg.Error())
+	}
+
+	return nil
+}
+
 // buildBlueprintRoutes generates a list of blueprint routes.
-func buildBlueprintRoutes(customRoutes []*routeapi.Route) []*routeapi.Route {
+func buildBlueprintRoutes(customRoutes []*routeapi.Route, validate bool) []*routeapi.Route {
 	routes := make([]*routeapi.Route, 0)
 
 	// Add in defaults based on the different route termination types.
@@ -937,6 +960,13 @@ func buildBlueprintRoutes(customRoutes []*routeapi.Route) []*routeapi.Route {
 	for _, r := range customRoutes {
 		dolly := r.DeepCopy()
 		dolly.Namespace = blueprintRoutePoolNamespace
+		if validate {
+			if err := validateBlueprintRoute(dolly); err != nil {
+				glog.Errorf("Skipping blueprint route %s/%s due to invalid configuration: %v", r.Namespace, r.Name, err)
+				continue
+			}
+		}
+
 		routes = append(routes, dolly)
 	}
 

diff --git a/pkg/router/template/types.go b/pkg/router/template/types.go
@@ -166,6 +166,9 @@ type ConfigManagerOptions struct {
 
 	// WildcardRoutesAllowed indicates if wildcard routes are allowed.
 	WildcardRoutesAllowed bool
+
+	// ExtendedValidation indicates if extended route validation is enabled.
+	ExtendedValidation bool
 }
 
 // ConfigManager is used by the router to make configuration changes using