Introduce wildcardhostname field to support differences between a wil…

…dcard value and precise value. Update the HTTPRequestRedirectFilter.Hostname to use a Hostname type which validates the value cannot contain wildcard characters. Updates all other references which used Hostnaem to use WildcardHostname which does allow for wildcard characters. Signed-off-by: Steve Sloka <slokas@vmware.com>
kubernetes-sigs · Dec 7, 2021 · 55bb6b6 · 55bb6b6
1 parent 4c34b35
commit 55bb6b6
Show file tree

Hide file tree

Showing 11 changed files with 92 additions and 56 deletions.
diff --git a/apis/v1alpha2/gateway_types.go b/apis/v1alpha2/gateway_types.go
@@ -174,7 +174,7 @@ type Listener struct {
 	// Support: Core
 	//
 	// +optional
-	Hostname *Hostname `json:"hostname,omitempty"`
+	Hostname *WildcardHostname `json:"hostname,omitempty"`
 
 	// Port is the network port. Multiple listeners may use the
 	// same port, subject to the Listener compatibility rules.

diff --git a/apis/v1alpha2/httproute_types.go b/apis/v1alpha2/httproute_types.go
@@ -92,7 +92,7 @@ type HTTPRouteSpec struct {
 	//
 	// +optional
 	// +kubebuilder:validation:MaxItems=16
-	Hostnames []Hostname `json:"hostnames,omitempty"`
+	Hostnames []WildcardHostname `json:"hostnames,omitempty"`
 
 	// Rules are a list of HTTP matchers, filters and actions.
 	//

diff --git a/apis/v1alpha2/shared_types.go b/apis/v1alpha2/shared_types.go
@@ -232,14 +232,14 @@ type RouteStatus struct {
 	Parents []RouteParentStatus `json:"parents"`
 }
 
-// Hostname is the fully qualified domain name of a network host. This matches
+// WildcardHostname is the fully qualified domain name of a network host. This matches
 // the RFC 1123 definition of a hostname with 2 notable exceptions:
 //
 // 1. IPs are not allowed.
 // 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
 //    label must appear by itself as the first label.
 //
-// Hostname can be "precise" which is a domain name without the terminating
+// WildcardHostname can be "precise" which is a domain name without the terminating
 // dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
 // domain name prefixed with a single wildcard label (e.g. `*.example.com`).
 //
@@ -250,6 +250,24 @@ type RouteStatus struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=253
 // +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type WildcardHostname string
+
+// Hostname is the fully qualified domain name of a network host. This matches
+// the RFC 1123 definition of a hostname with 2 notable exceptions:
+//
+// 1. IPs are not allowed.
+// 2. A hostname may not be prefixed with a wildcard label (`*.`).
+//
+// Hostname can be "precise" which is a domain name without the terminating
+// dot of a network host (e.g. "foo.example.com").
+//
+// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+// alphanumeric characters or '-', and must start and end with an alphanumeric
+// character. No other punctuation is allowed.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 type Hostname string
 
 // Group refers to a Kubernetes Group. It must either be an empty string or a

diff --git a/apis/v1alpha2/tlsroute_types.go b/apis/v1alpha2/tlsroute_types.go
@@ -84,7 +84,7 @@ type TLSRouteSpec struct {
 	//
 	// +optional
 	// +kubebuilder:validation:MaxItems=16
-	Hostnames []Hostname `json:"hostnames,omitempty"`
+	Hostnames []WildcardHostname `json:"hostnames,omitempty"`
 
 	// Rules are a list of TLS matchers and actions.
 	//

diff --git a/apis/v1alpha2/validation/gateway_test.go b/apis/v1alpha2/validation/gateway_test.go
@@ -62,15 +62,15 @@ func TestValidateGateway(t *testing.T) {
 		},
 		"hostname present with tcp protocol": {
 			mutate: func(gw *gatewayv1a2.Gateway) {
-				hostname := gatewayv1a2.Hostname("foo.bar.com")
+				hostname := gatewayv1a2.WildcardHostname("foo.bar.com")
 				gw.Spec.Listeners[0].Hostname = &hostname
 				gw.Spec.Listeners[0].Protocol = gatewayv1a2.TCPProtocolType
 			},
 			expectErrsOnFields: []string{"spec.listeners[0].hostname"},
 		},
 		"hostname present with udp protocol": {
 			mutate: func(gw *gatewayv1a2.Gateway) {
-				hostname := gatewayv1a2.Hostname("foo.bar.com")
+				hostname := gatewayv1a2.WildcardHostname("foo.bar.com")
 				gw.Spec.Listeners[0].Hostname = &hostname
 				gw.Spec.Listeners[0].Protocol = gatewayv1a2.UDPProtocolType
 			},

diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go
diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml
diff --git a/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml
diff --git a/config/crd/stable/gateway.networking.k8s.io_httproutes.yaml b/config/crd/stable/gateway.networking.k8s.io_httproutes.yaml
diff --git a/config/crd/stable/gateway.networking.k8s.io_tlsroutes.yaml b/config/crd/stable/gateway.networking.k8s.io_tlsroutes.yaml
diff --git a/hack/invalid-examples/v1alpha2/httproute/invalid-httredirect-hostname.yaml b/hack/invalid-examples/v1alpha2/httproute/invalid-httredirect-hostname.yaml
@@ -0,0 +1,14 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: HTTPRoute
+metadata:
+  name: invalid-backend-port
+spec:
+  rules:
+  - backendRefs:
+    - name: my-service
+      port: 8080
+    filters:
+    - type: RequestRedirect
+      requestRedirect:
+        hostname: "*.gateway.networking.k8s.io"
+