config: add a consistent route ID (#905)

2025-05-02 03:46:29 +02:00 · 2020-06-16 09:20:18 -04:00 · 2020-06-16 09:20:18 -04:00 · ee2170f5f5
commit ee2170f5f5
parent 34d06e521d
4 changed files with 76 additions and 6 deletions
--- a/config/policy.go
+++ b/config/policy.go
@ -157,6 +157,22 @@ func (p *Policy) Checksum() uint64 {
 	return cs
 }

+// RouteID returns a unique identifier for a route
+func (p *Policy) RouteID() uint64 {
+	id := routeID{
+		Source:      p.Source,
+		Destination: p.Destination,
+		Prefix:      p.Prefix,
+		Path:        p.Path,
+		Regex:       p.Regex,
+	}
+
+	cs, _ := hashstructure.Hash(id, &hashstructure.HashOptions{
+		Hasher: xxhash.New(),
+	})
+	return cs
+}
+
 func (p *Policy) String() string {
 	if p.Source == nil || p.Destination == nil {
 		return fmt.Sprintf("%s → %s", p.From, p.To)
@ -173,3 +189,11 @@ type StringURL struct {
 func (u *StringURL) MarshalJSON() ([]byte, error) {
 	return json.Marshal(u.String())
 }
+
+type routeID struct {
+	Source      *StringURL
+	Destination *url.URL
+	Prefix      string
+	Path        string
+	Regex       string
+}
--- a/config/policy_test.go
+++ b/config/policy_test.go
@ -5,6 +5,7 @@ import (
 	"testing"

 	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
 )

 func Test_PolicyValidate(t *testing.T) {
@ -81,3 +82,48 @@ func TestPolicy_String(t *testing.T) {
 		})
 	}
 }
+
+func Test_PolicyRouteID(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name          string
+		basePolicy    *Policy
+		comparePolicy *Policy
+		wantID        uint64
+		wantSame      bool
+	}{
+		{
+			"same",
+			&Policy{From: "https://pomerium.io", To: "http://localhost", AllowedUsers: []string{"foo@bar.com"}},
+			&Policy{From: "https://pomerium.io", To: "http://localhost", AllowedGroups: []string{"allusers"}},
+			6315033228798964203,
+			true,
+		},
+		{
+			"different from",
+			&Policy{From: "https://pomerium.io", To: "http://localhost"},
+			&Policy{From: "https://notpomerium.io", To: "http://localhost"},
+			6315033228798964203,
+			false,
+		},
+		{
+			"different path",
+			&Policy{From: "https://pomerium.io", To: "http://localhost"},
+			&Policy{From: "https://pomerium.io", To: "http://localhost", Path: "/foo"},
+			6315033228798964203,
+			false,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			assert.NoError(t, tt.basePolicy.Validate())
+			assert.NoError(t, tt.comparePolicy.Validate())
+
+			assert.Equal(t, tt.wantSame, tt.basePolicy.RouteID() == tt.comparePolicy.RouteID())
+			assert.Equal(t, tt.wantID, tt.basePolicy.RouteID())
+		})
+	}
+}
--- a/internal/controlplane/xds.go
+++ b/internal/controlplane/xds.go
@ -172,7 +172,7 @@ func inlineFilename(name string) *envoy_config_core_v3.DataSource {
 }

 func getPolicyName(policy *config.Policy) string {
-	return fmt.Sprintf("policy-%x", policy.Checksum())
+	return fmt.Sprintf("policy-%x", policy.RouteID())
 }

 func envoyTLSCertificateFromGoTLSCertificate(cert *tls.Certificate) *envoy_extensions_transport_sockets_tls_v3.TlsCertificate {
--- a/internal/controlplane/xds_routes_test.go
+++ b/internal/controlplane/xds_routes_test.go
@ -247,7 +247,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-4e2763e591b22dc8",
+					"cluster": "policy-701142725541ce1f",
 					"timeout": "3s",
 					"upgradeConfigs": [{
 						"enabled": false,
@ -270,7 +270,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": false,
-					"cluster": "policy-e5d20435224ae9b",
+					"cluster": "policy-35b6cce9d52d36ed",
 					"timeout": "0s",
 					"upgradeConfigs": [{
 						"enabled": true,
@ -293,7 +293,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-6e7239b3980df01f",
+					"cluster": "policy-8935ca8067709cf7",
 					"timeout": "60s",
 					"upgradeConfigs": [{
 						"enabled": false,
@ -326,7 +326,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-7bf4b11bf99ced85",
+					"cluster": "policy-45c2908c3d6f0e52",
 					"timeout": "3s",
 					"upgradeConfigs": [{
 						"enabled": false,
@ -349,7 +349,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
 				},
 				"route": {
 					"autoHostRewrite": true,
-					"cluster": "policy-6b5e934ff586365d",
+					"cluster": "policy-8935ca8067709cf7",
 					"timeout": "60s",
 					"upgradeConfigs": [{
 						"enabled": false,