From ee2170f5f5fdbb448b5200d4036dc1fd616008d9 Mon Sep 17 00:00:00 2001
From: Travis Groth <travisgroth@users.noreply.github.com>
Date: Tue, 16 Jun 2020 09:20:18 -0400
Subject: [PATCH] config: add a consistent route ID (#905)

---
 config/policy.go                         | 24 +++++++++++++
 config/policy_test.go                    | 46 ++++++++++++++++++++++++
 internal/controlplane/xds.go             |  2 +-
 internal/controlplane/xds_routes_test.go | 10 +++---
 4 files changed, 76 insertions(+), 6 deletions(-)

diff --git a/config/policy.go b/config/policy.go
index 1bb25e8dc..44a5b9bb9 100644
--- a/config/policy.go
+++ b/config/policy.go
@@ -157,6 +157,22 @@ func (p *Policy) Checksum() uint64 {
 	return cs
 }
 
+// RouteID returns a unique identifier for a route
+func (p *Policy) RouteID() uint64 {
+	id := routeID{
+		Source:      p.Source,
+		Destination: p.Destination,
+		Prefix:      p.Prefix,
+		Path:        p.Path,
+		Regex:       p.Regex,
+	}
+
+	cs, _ := hashstructure.Hash(id, &hashstructure.HashOptions{
+		Hasher: xxhash.New(),
+	})
+	return cs
+}
+
 func (p *Policy) String() string {
 	if p.Source == nil || p.Destination == nil {
 		return fmt.Sprintf("%s → %s", p.From, p.To)
@@ -173,3 +189,11 @@ type StringURL struct {
 func (u *StringURL) MarshalJSON() ([]byte, error) {
 	return json.Marshal(u.String())
 }
+
+type routeID struct {
+	Source      *StringURL
+	Destination *url.URL
+	Prefix      string
+	Path        string
+	Regex       string
+}
diff --git a/config/policy_test.go b/config/policy_test.go
index fbe532744..2edb26bf9 100644
--- a/config/policy_test.go
+++ b/config/policy_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
 )
 
 func Test_PolicyValidate(t *testing.T) {
@@ -81,3 +82,48 @@ func TestPolicy_String(t *testing.T) {
 		})
 	}
 }
+
+func Test_PolicyRouteID(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name          string
+		basePolicy    *Policy
+		comparePolicy *Policy
+		wantID        uint64
+		wantSame      bool
+	}{
+		{
+			"same",
+			&Policy{From: "https://pomerium.io", To: "http://localhost", AllowedUsers: []string{"foo@bar.com"}},
+			&Policy{From: "https://pomerium.io", To: "http://localhost", AllowedGroups: []string{"allusers"}},
+			6315033228798964203,
+			true,
+		},
+		{
+			"different from",
+			&Policy{From: "https://pomerium.io", To: "http://localhost"},
+			&Policy{From: "https://notpomerium.io", To: "http://localhost"},
+			6315033228798964203,
+			false,
+		},
+		{
+			"different path",
+			&Policy{From: "https://pomerium.io", To: "http://localhost"},
+			&Policy{From: "https://pomerium.io", To: "http://localhost", Path: "/foo"},
+			6315033228798964203,
+			false,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			assert.NoError(t, tt.basePolicy.Validate())
+			assert.NoError(t, tt.comparePolicy.Validate())
+
+			assert.Equal(t, tt.wantSame, tt.basePolicy.RouteID() == tt.comparePolicy.RouteID())
+			assert.Equal(t, tt.wantID, tt.basePolicy.RouteID())
+		})
+	}
+}
diff --git a/internal/controlplane/xds.go b/internal/controlplane/xds.go
index f9f3f2b66..b13c8d353 100644
--- a/internal/controlplane/xds.go
+++ b/internal/controlplane/xds.go
@@ -172,7 +172,7 @@ func inlineFilename(name string) *envoy_config_core_v3.DataSource {
 }
 
 func getPolicyName(policy *config.Policy) string {
-	return fmt.Sprintf("policy-%x", policy.Checksum())
+	return fmt.Sprintf("policy-%x", policy.RouteID())
 }
 
 func envoyTLSCertificateFromGoTLSCertificate(cert *tls.Certificate) *envoy_extensions_transport_sockets_tls_v3.TlsCertificate {
diff --git a/internal/controlplane/xds_routes_test.go b/internal/controlplane/xds_routes_test.go
index bc3563b01..2f1579e78 100644
--- a/internal/controlplane/xds_routes_test.go
+++ b/internal/controlplane/xds_routes_test.go
@@ -247,7 +247,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-4e2763e591b22dc8",
+					"cluster": "policy-701142725541ce1f",
 					"timeout": "3s",
 					"upgradeConfigs": [{
 						"enabled": false,
@@ -270,7 +270,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": false,
-					"cluster": "policy-e5d20435224ae9b",
+					"cluster": "policy-35b6cce9d52d36ed",
 					"timeout": "0s",
 					"upgradeConfigs": [{
 						"enabled": true,
@@ -293,7 +293,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-6e7239b3980df01f",
+					"cluster": "policy-8935ca8067709cf7",
 					"timeout": "60s",
 					"upgradeConfigs": [{
 						"enabled": false,
@@ -326,7 +326,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-7bf4b11bf99ced85",
+					"cluster": "policy-45c2908c3d6f0e52",
 					"timeout": "3s",
 					"upgradeConfigs": [{
 						"enabled": false,
@@ -349,7 +349,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-6b5e934ff586365d",
+					"cluster": "policy-8935ca8067709cf7",
 					"timeout": "60s",
 					"upgradeConfigs": [{
 						"enabled": false,