router: support prefix wildcards in virtual hosts domains#6303
router: support prefix wildcards in virtual hosts domains#6303htuch merged 7 commits intoenvoyproxy:masterfrom
Conversation
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
venilnoronha
left a comment
There was a problem hiding this comment.
LGTM overall, just one nit.
docs/root/intro/version_history.rst
Outdated
| * router: added reset reason to response body when upstream reset happens. After this change, the response body will be of the form `upstream connect error or disconnect/reset before headers. reset reason:` | ||
| * router: added :ref:`rq_reset_after_downstream_response_started <config_http_filters_router_stats>` counter stat to router stats. | ||
| * router: added per-route configuration of :ref:`internal redirects <envoy_api_field_route.RouteAction.internal_redirect_action>`. | ||
| * router: added support for prefix wildcards in :ref:`virtual hosts domains<envoy_api_field_route.VirtualHost.domains>` |
There was a problem hiding this comment.
Thanks @venilnoronha, I fixed this. I made the same mistake in commit message which would need to be taken care of when squashing (I did not rewrite history).
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
junr03
left a comment
There was a problem hiding this comment.
@bartebor thanks for the PR. Two high level comments:
- Is there any reason for the preferential ordering between suffix and prefix domains? i.e why suffix before prefix.
- In #1269 (comment) @htuch mentioned using an inverted trie here. Is this something that we want to address in a subsequent PR with a new issue?
|
@junr03 doesn't have to be a trie in this PR due to the fact we only do a list already (Trevor added a trie a while back but then reverted). What's important to me is that it is plausible to implement the semantics being added in a trie (and inverted trie). This is because we want to add scalability in the future, and so need to ensure we're not adding anything to VH matching that would prohibit this (e.g. if we added a regex, I would be opposed to that). |
|
@junr03 I chose the same order nginx uses. I believe the idea behind this order is matching with steps of decreasing selectivity. Prefix wildcards can match any domain, so they are matched last. Nginx additionally supports regexps as a last step, but we probably do not want that for the reasons @htuch mentioned in #6303 (comment). |
source/common/router/config_impl.cc
Outdated
| wildcard_virtual_host_suffixes_[domain.size() - 1].emplace(domain.substr(1), virtual_host); | ||
| } else if (domain.size() > 0 && '*' == domain[domain.size() - 1]) { | ||
| wildcard_virtual_host_prefixes_[domain.size() - 1].emplace( | ||
| domain.substr(0, domain.size() - 1), virtual_host); |
There was a problem hiding this comment.
Same with the suffixes above. But I just noticed that we don't detect duplicates (at least afaict here) for suffix or prefix domains, like we do for exact matches below. Is that intentional?
There was a problem hiding this comment.
I don't personally think it was intentional. I'll add duplicate checking to make things clear.
source/common/router/config_impl.cc
Outdated
| // Fast path the case where we only have a default virtual host. | ||
| if (virtual_hosts_.empty() && wildcard_virtual_host_suffixes_.empty() && default_virtual_host_) { | ||
| if (virtual_hosts_.empty() && wildcard_virtual_host_suffixes_.empty() && | ||
| wildcard_virtual_host_prefixes_.empty() && default_virtual_host_) { |
There was a problem hiding this comment.
I wonder if we even need the default_virtual_host_ clause here. We end up returning default_virtual_host_.get() at the end anyway.
There was a problem hiding this comment.
You're right, clause removed.
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
junr03
left a comment
There was a problem hiding this comment.
lgtm. Thanks for adding the checks, and the new tests.
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
| EXPECT_EQ("instant-server", | ||
| config.route(genHeaders(".foo.com", "/", "GET"), 0)->routeEntry()->clusterName()); | ||
| EXPECT_EQ("instant-server", | ||
| EXPECT_EQ("wildcard", |
There was a problem hiding this comment.
Are these tests strong enough to show that the match order follows the specified one (suffix, then prefix wildcards)?
There was a problem hiding this comment.
@htuch I refactored my tests to handle all cases explicitly.
Something bad is going with the tests from the point I merged with master. I don't think failures result from my code changes, but with no access to test artifacts I can't be sure.
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
htuch
left a comment
There was a problem hiding this comment.
The new test is perfect, thanks. I rekicked CI, let's see if that fixes it.
* master: router: support prefix wildcards in virtual hosts domains (envoyproxy#6303) security: update distributor application example to include e-mail. (envoyproxy#6425) Examples: Update gen script of grpc example service (envoyproxy#6372) config: de-templatize source/common/config (envoyproxy#6391) docs: adds information about the Envoy tracer from Instana envoyproxy#6371 (envoyproxy#6416) test: convert ratelimit test configs to v2 YAML (envoyproxy#6411) include required python and go dependencies for grpc-bridge example (envoyproxy#6402) docs: more snapping fixes (envoyproxy#6404) runtime: switching from unordered_map to absl::flat_hash_map (envoyproxy#6389)
Description: Adds prefix wildcard support (
foo.*) in virtual host domainsRisk Level: Low (does not change current behavior)
Testing: Unit tests
Docs Changes: updated
domainsfield documentation in proto fileRelease Notes: updated
Fixes #1269