Skip to content

Commit

Permalink
xds: support wildcard domain matching for RDS response (#3397)
Browse files Browse the repository at this point in the history
menghanl authored Feb 28, 2020
1 parent 73cf2d2 commit e139b47
Showing 2 changed files with 214 additions and 17 deletions.
129 changes: 112 additions & 17 deletions xds/internal/client/rds.go
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@ import (
"strings"

xdspb "github.com/envoyproxy/go-control-plane/envoy/api/v2"
routepb "github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
"github.com/golang/protobuf/ptypes"
)

@@ -116,27 +117,27 @@ func getClusterFromRouteConfiguration(rc *xdspb.RouteConfiguration, target strin
//
// For logging purposes, we can log in line. But if we want to populate
// error details for nack, a detailed error needs to be returned.

host, err := hostFromTarget(target)
if err != nil {
return ""
}
for _, vh := range rc.GetVirtualHosts() {
for _, domain := range vh.GetDomains() {
// TODO: Add support for wildcard matching here?
if domain != host || len(vh.GetRoutes()) == 0 {
continue
}
dr := vh.Routes[len(vh.Routes)-1]
if match := dr.GetMatch(); match == nil || match.GetPrefix() != "" {
continue
}
route := dr.GetRoute()
if route == nil {
continue
}
return route.GetCluster()
}
vh := findBestMatchingVirtualHost(host, rc.GetVirtualHosts())
if vh == nil {
// No matching virtual host found.
return ""
}
if len(vh.Routes) == 0 {
// The matched virtual host has no routes, this is invalid because there
// should be at least one default route.
return ""
}
dr := vh.Routes[len(vh.Routes)-1]
if match := dr.GetMatch(); match == nil || match.GetPrefix() != "" {
// The matched virtual host is invalid.
return ""
}
if route := dr.GetRoute(); route != nil {
return route.GetCluster()
}
return ""
}
@@ -155,3 +156,97 @@ func hostFromTarget(target string) (string, error) {
}
return h, nil
}

type domainMatchType int

const (
domainMatchTypeInvalid domainMatchType = iota
domainMatchTypeUniversal
domainMatchTypePrefix
domainMatchTypeSuffix
domainMatchTypeExact
)

// Exact > Suffix > Prefix > Universal > Invalid.
func (t domainMatchType) betterThan(b domainMatchType) bool {
return t > b
}

func matchTypeForDomain(d string) domainMatchType {
if d == "" {
return domainMatchTypeInvalid
}
if d == "*" {
return domainMatchTypeUniversal
}
if strings.HasPrefix(d, "*") {
return domainMatchTypeSuffix
}
if strings.HasSuffix(d, "*") {
return domainMatchTypePrefix
}
if strings.Contains(d, "*") {
return domainMatchTypeInvalid
}
return domainMatchTypeExact
}

func match(domain, host string) (domainMatchType, bool) {
switch typ := matchTypeForDomain(domain); typ {
case domainMatchTypeInvalid:
return typ, false
case domainMatchTypeUniversal:
return typ, true
case domainMatchTypePrefix:
// abc.*
return typ, strings.HasPrefix(host, strings.TrimSuffix(domain, "*"))
case domainMatchTypeSuffix:
// *.123
return typ, strings.HasSuffix(host, strings.TrimPrefix(domain, "*"))
case domainMatchTypeExact:
return typ, domain == host
default:
return domainMatchTypeInvalid, false
}
}

// findBestMatchingVirtualHost returns the virtual host whose domains field best
// matches host
//
// The domains field support 4 different matching pattern types:
// - Exact match
// - Suffix match (e.g. “*ABC”)
// - Prefix match (e.g. “ABC*)
// - Universal match (e.g. “*”)
//
// The best match is defined as:
// - A match is better if it’s matching pattern type is better
// - Exact match > suffix match > prefix match > universal match
// - If two matches are of the same pattern type, the longer match is better
// - This is to compare the length of the matching pattern, e.g. “*ABCDE” >
// “*ABC”
func findBestMatchingVirtualHost(host string, vHosts []*routepb.VirtualHost) *routepb.VirtualHost {
var (
matchVh *routepb.VirtualHost
matchType = domainMatchTypeInvalid
matchLen int
)
for _, vh := range vHosts {
for _, domain := range vh.GetDomains() {
typ, matched := match(domain, host)
if typ == domainMatchTypeInvalid {
// The rds response is invalid.
return nil
}
if matchType.betterThan(typ) || matchType == typ && matchLen >= len(domain) || !matched {
// The previous match has better type, or the previous match has
// better length, or this domain isn't a match.
continue
}
matchVh = vh
matchType = typ
matchLen = len(domain)
}
}
return matchVh
}
102 changes: 102 additions & 0 deletions xds/internal/client/rds_test.go
Original file line number Diff line number Diff line change
@@ -500,3 +500,105 @@ func (s) TestHostFromTarget(t *testing.T) {
})
}
}

func TestMatchTypeForDomain(t *testing.T) {
tests := []struct {
d string
want domainMatchType
}{
{d: "", want: domainMatchTypeInvalid},
{d: "*", want: domainMatchTypeUniversal},
{d: "bar.*", want: domainMatchTypePrefix},
{d: "*.abc.com", want: domainMatchTypeSuffix},
{d: "foo.bar.com", want: domainMatchTypeExact},
{d: "foo.*.com", want: domainMatchTypeInvalid},
}
for _, tt := range tests {
if got := matchTypeForDomain(tt.d); got != tt.want {
t.Errorf("matchTypeForDomain(%q) = %v, want %v", tt.d, got, tt.want)
}
}
}

func TestMatch(t *testing.T) {
tests := []struct {
name string
domain string
host string
wantTyp domainMatchType
wantMatched bool
}{
{name: "invalid-empty", domain: "", host: "", wantTyp: domainMatchTypeInvalid, wantMatched: false},
{name: "invalid", domain: "a.*.b", host: "", wantTyp: domainMatchTypeInvalid, wantMatched: false},
{name: "universal", domain: "*", host: "abc.com", wantTyp: domainMatchTypeUniversal, wantMatched: true},
{name: "prefix-match", domain: "abc.*", host: "abc.123", wantTyp: domainMatchTypePrefix, wantMatched: true},
{name: "prefix-no-match", domain: "abc.*", host: "abcd.123", wantTyp: domainMatchTypePrefix, wantMatched: false},
{name: "suffix-match", domain: "*.123", host: "abc.123", wantTyp: domainMatchTypeSuffix, wantMatched: true},
{name: "suffix-no-match", domain: "*.123", host: "abc.1234", wantTyp: domainMatchTypeSuffix, wantMatched: false},
{name: "exact-match", domain: "foo.bar", host: "foo.bar", wantTyp: domainMatchTypeExact, wantMatched: true},
{name: "exact-no-match", domain: "foo.bar.com", host: "foo.bar", wantTyp: domainMatchTypeExact, wantMatched: false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if gotTyp, gotMatched := match(tt.domain, tt.host); gotTyp != tt.wantTyp || gotMatched != tt.wantMatched {
t.Errorf("match() = %v, %v, want %v, %v", gotTyp, gotMatched, tt.wantTyp, tt.wantMatched)
}
})
}
}

func TestFindBestMatchingVirtualHost(t *testing.T) {
var (
oneExactMatch = &routepb.VirtualHost{
Name: "one-exact-match",
Domains: []string{"foo.bar.com"},
}
oneSuffixMatch = &routepb.VirtualHost{
Name: "one-suffix-match",
Domains: []string{"*.bar.com"},
}
onePrefixMatch = &routepb.VirtualHost{
Name: "one-prefix-match",
Domains: []string{"foo.bar.*"},
}
oneUniversalMatch = &routepb.VirtualHost{
Name: "one-universal-match",
Domains: []string{"*"},
}
longExactMatch = &routepb.VirtualHost{
Name: "one-exact-match",
Domains: []string{"v2.foo.bar.com"},
}
multipleMatch = &routepb.VirtualHost{
Name: "multiple-match",
Domains: []string{"pi.foo.bar.com", "314.*", "*.159"},
}
vhs = []*routepb.VirtualHost{oneExactMatch, oneSuffixMatch, onePrefixMatch, oneUniversalMatch, longExactMatch, multipleMatch}
)

tests := []struct {
name string
host string
vHosts []*routepb.VirtualHost
want *routepb.VirtualHost
}{
{name: "exact-match", host: "foo.bar.com", vHosts: vhs, want: oneExactMatch},
{name: "suffix-match", host: "123.bar.com", vHosts: vhs, want: oneSuffixMatch},
{name: "prefix-match", host: "foo.bar.org", vHosts: vhs, want: onePrefixMatch},
{name: "universal-match", host: "abc.123", vHosts: vhs, want: oneUniversalMatch},
{name: "long-exact-match", host: "v2.foo.bar.com", vHosts: vhs, want: longExactMatch},
// Matches suffix "*.bar.com" and exact "pi.foo.bar.com". Takes exact.
{name: "multiple-match-exact", host: "pi.foo.bar.com", vHosts: vhs, want: multipleMatch},
// Matches suffix "*.159" and prefix "foo.bar.*". Takes suffix.
{name: "multiple-match-suffix", host: "foo.bar.159", vHosts: vhs, want: multipleMatch},
// Matches suffix "*.bar.com" and prefix "314.*". Takes suffix.
{name: "multiple-match-prefix", host: "314.bar.com", vHosts: vhs, want: oneSuffixMatch},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := findBestMatchingVirtualHost(tt.host, tt.vHosts); !reflect.DeepEqual(got, tt.want) {
t.Errorf("findBestMatchingVirtualHost() = %v, want %v", got, tt.want)
}
})
}
}

0 comments on commit e139b47

Please sign in to comment.