3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-02 20:06:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: add a consistent route ID (#905)

Browse source
This commit is contained in:
Travis Groth 2020-06-16 09:20:18 -04:00 committed by GitHub
parent 34d06e521d
commit ee2170f5f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 76 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
config/policy.go
View file

@ -157,6 +157,22 @@ func (p *Policy) Checksum() uint64 {
return cs return cs
} }
// RouteID returns a unique identifier for a route
func (p *Policy) RouteID() uint64 {
id := routeID{
Source: p.Source,
Destination: p.Destination,
Prefix: p.Prefix,
Path: p.Path,
Regex: p.Regex,
}
cs, _ := hashstructure.Hash(id, &hashstructure.HashOptions{
Hasher: xxhash.New(),
})
return cs
}
func (p *Policy) String() string { func (p *Policy) String() string {
if p.Source == nil || p.Destination == nil { if p.Source == nil || p.Destination == nil {
return fmt.Sprintf("%s → %s", p.From, p.To) return fmt.Sprintf("%s → %s", p.From, p.To)
@ -173,3 +189,11 @@ type StringURL struct {
func (u *StringURL) MarshalJSON() ([]byte, error) { func (u *StringURL) MarshalJSON() ([]byte, error) {
return json.Marshal(u.String()) return json.Marshal(u.String())
} }
type routeID struct {
Source *StringURL
Destination *url.URL
Prefix string
Path string
Regex string
}

46
config/policy_test.go
View file

@ -5,6 +5,7 @@ import (
"testing" "testing"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert"
) )
func Test_PolicyValidate(t *testing.T) { func Test_PolicyValidate(t *testing.T) {
@ -81,3 +82,48 @@ func TestPolicy_String(t *testing.T) {
}) })
} }
} }
func Test_PolicyRouteID(t *testing.T) {
t.Parallel()
tests := []struct {
name string
basePolicy *Policy
comparePolicy *Policy
wantID uint64
wantSame bool
}{
{
"same",
&Policy{From: "https://pomerium.io", To: "http://localhost", AllowedUsers: []string{"foo@bar.com"}},
&Policy{From: "https://pomerium.io", To: "http://localhost", AllowedGroups: []string{"allusers"}},
6315033228798964203,
true,
},
{
"different from",
&Policy{From: "https://pomerium.io", To: "http://localhost"},
&Policy{From: "https://notpomerium.io", To: "http://localhost"},
6315033228798964203,
false,
},
{
"different path",
&Policy{From: "https://pomerium.io", To: "http://localhost"},
&Policy{From: "https://pomerium.io", To: "http://localhost", Path: "/foo"},
6315033228798964203,
false,
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
assert.NoError(t, tt.basePolicy.Validate())
assert.NoError(t, tt.comparePolicy.Validate())
assert.Equal(t, tt.wantSame, tt.basePolicy.RouteID() == tt.comparePolicy.RouteID())
assert.Equal(t, tt.wantID, tt.basePolicy.RouteID())
})
}
}

2
internal/controlplane/xds.go
View file

@ -172,7 +172,7 @@ func inlineFilename(name string) *envoy_config_core_v3.DataSource {
} }
func getPolicyName(policy *config.Policy) string { func getPolicyName(policy *config.Policy) string {
return fmt.Sprintf("policy-%x", policy.Checksum()) return fmt.Sprintf("policy-%x", policy.RouteID())
} }
func envoyTLSCertificateFromGoTLSCertificate(cert *tls.Certificate) *envoy_extensions_transport_sockets_tls_v3.TlsCertificate { func envoyTLSCertificateFromGoTLSCertificate(cert *tls.Certificate) *envoy_extensions_transport_sockets_tls_v3.TlsCertificate {

10
internal/controlplane/xds_routes_test.go
View file

@ -247,7 +247,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
}, },
"route": { "route": {
"autoHostRewrite": true, "autoHostRewrite": true,
"cluster": "policy-4e2763e591b22dc8", "cluster": "policy-701142725541ce1f",
"timeout": "3s", "timeout": "3s",
"upgradeConfigs": [{ "upgradeConfigs": [{
"enabled": false, "enabled": false,
@ -270,7 +270,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
}, },
"route": { "route": {
"autoHostRewrite": false, "autoHostRewrite": false,
"cluster": "policy-e5d20435224ae9b", "cluster": "policy-35b6cce9d52d36ed",
"timeout": "0s", "timeout": "0s",
"upgradeConfigs": [{ "upgradeConfigs": [{
"enabled": true, "enabled": true,
@ -293,7 +293,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
}, },
"route": { "route": {
"autoHostRewrite": true, "autoHostRewrite": true,
"cluster": "policy-6e7239b3980df01f", "cluster": "policy-8935ca8067709cf7",
"timeout": "60s", "timeout": "60s",
"upgradeConfigs": [{ "upgradeConfigs": [{
"enabled": false, "enabled": false,
@ -326,7 +326,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
}, },
"route": { "route": {
"autoHostRewrite": true, "autoHostRewrite": true,
"cluster": "policy-7bf4b11bf99ced85", "cluster": "policy-45c2908c3d6f0e52",
"timeout": "3s", "timeout": "3s",
"upgradeConfigs": [{ "upgradeConfigs": [{
"enabled": false, "enabled": false,
@ -349,7 +349,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
}, },
"route": { "route": {
"autoHostRewrite": true, "autoHostRewrite": true,
"cluster": "policy-6b5e934ff586365d", "cluster": "policy-8935ca8067709cf7",
"timeout": "60s", "timeout": "60s",
"upgradeConfigs": [{ "upgradeConfigs": [{
"enabled": false, "enabled": false,