BUG: add the if not exist condition to map matching with TLS Route

Author: ivanmatmati

k8s/gate/haproxy/frontends.go

@@ -278,11 +278,10 @@ func (b *HaproxyConfMgrImpl) newFrontend(params newFrontendParams) (*models.Fron
 				Expr:     "req_ssl_sni,map(" + sniMap.FullPath() + ")",
 			},
 			{
-				// tcp-request content set-var(txn.sni_match) req_ssl_sni,regsub(^[^.]*,,),map(sni.map)
 				// tcp-request content set-var(txn.sni_match,ifnotexists) req_ssl_sni,map_end(sniDomainWildcardMap.map)
 				Type:     "content",
 				Action:   "set-var",
-				VarName:  "sni_match",
+				VarName:  "sni_match,ifnotexists",
 				VarScope: "txn",
 				Expr:     "req_ssl_sni,map_end(" + sniDomainWildcardMap.FullPath() + ")",
 			},

k8s/gate/haproxy/routes-maps.go

@@ -171,7 +171,7 @@ func (b *RouteMgrImpl) fillMapsForHTTPRoutes() {
 				case store.StatusUnchanged:
 					continue
 				case store.StatusUpserted:
-					err := b.onUpsertedHTTPRoute(routeKey, route, mapExact, mapPrefix, mapRegex, mapDomainWPathExact,acceptedHostnamesForRoute)
+					err := b.onUpsertedHTTPRoute(routeKey, route, mapExact, mapPrefix, mapRegex, mapDomainWPathExact, acceptedHostnamesForRoute)
 					errs.Add(err)
 				case store.StatusDeleted:
 					err := b.onDeletedHTTPRoute(routeKey, route, mapExact, mapPrefix, mapRegex, mapDomainWPathExact)

k8s/gate/haproxy/routes.go

@@ -53,23 +53,26 @@ type RouteMgrImpl struct {
 }
 
 func (b *RouteMgrImpl) onUpsertedHTTPRoute(routeKey k8stypes.NamespacedName, route *tree.HTTPRoute,
-	mapExact, mapPrefix, mapRegex, mapDomainWPathExact *maps.MapData,acceptedHostnamesForRoute []string) error {
+	mapExact, mapPrefix, mapRegex, mapDomainWPathExact *maps.MapData, acceptedHostnamesForRoute []string,
+) error {
 	if route.Valid {
 		return b.onValidHTTPRouteUpserted(routeKey, route, mapExact, mapPrefix, mapRegex, mapDomainWPathExact, acceptedHostnamesForRoute)
 	}
 	return b.onInvalidHTTPRouteUpserted(routeKey, route, mapExact, mapPrefix, mapRegex, mapDomainWPathExact)
 }
 
 func (b *RouteMgrImpl) onUpsertedTLSRoute(routeKey k8stypes.NamespacedName, route *tree.TLSRoute,
-	mapSNI, mapSNIDomainWildcardMap *maps.MapData, acceptedHostnamesForRoute []string) error {
+	mapSNI, mapSNIDomainWildcardMap *maps.MapData, acceptedHostnamesForRoute []string,
+) error {
 	if route.Valid {
 		return b.onValidTLSRouteUpserted(routeKey, route, mapSNI, mapSNIDomainWildcardMap, acceptedHostnamesForRoute)
 	}
 	return b.onInvalidTLSRouteUpserted(routeKey, route, mapSNI, mapSNIDomainWildcardMap)
 }
 
 func (b *RouteMgrImpl) onValidTLSRouteUpserted(_ k8stypes.NamespacedName,
-	tlsRoute *tree.TLSRoute, mapSNI, mapSNIDomainWildcardMap *maps.MapData, acceptedHostnamesForRoute []string) error {
+	tlsRoute *tree.TLSRoute, mapSNI, mapSNIDomainWildcardMap *maps.MapData, acceptedHostnamesForRoute []string,
+) error {
 	for _, tlsRouteRule := range tlsRoute.Rules {
 		// if !rule.Valid {
 		// find the old rule in route.TreeStatus.OldTreeResource.Rules, name is optional
@@ -215,7 +218,8 @@ func (RouteMgrImpl) onDeletedHTTPRoute(_ k8stypes.NamespacedName, route *tree.HT
 }
 
 func (b *RouteMgrImpl) onValidHTTPRouteUpserted(_ k8stypes.NamespacedName, route *tree.HTTPRoute,
-	mapExact, mapPrefix, mapRegex, mapDomainWPathExact *maps.MapData,acceptedHostnamesForRoute []string) error { //revive:disable:function-length,cognitive-complexity
+	mapExact, mapPrefix, mapRegex, mapDomainWPathExact *maps.MapData, acceptedHostnamesForRoute []string,
+) error { //revive:disable:function-length,cognitive-complexity
 	hostnames := route.K8sResource.Spec.Hostnames
 	for _, rule := range route.Rules {
 		// if !rule.Valid {
@@ -322,7 +326,6 @@ func (b *RouteMgrImpl) onValidHTTPRouteUpserted(_ k8stypes.NamespacedName, route
 				}
 			}
 
-
 			if rule.Valid {
 				for _, hostname := range acceptedHostnamesForRoute {
 					fullpath := string(hostname) + path

k8s/gate/utils/utils.go

@@ -198,14 +198,14 @@ func GetHostnamesForRouteWithListener(listenerHostname *string, routeHostnames [
 	}
 
 	// to avoid duplicates
-	matched:= map[string]struct{}{}
+	matched := map[string]struct{}{}
 	for _, routeHostname := range routeHostnames {
 		// If the listener hostname is a wildcard, check if it matches any route hostname.
 		if hostnamesMatchingRouteAndListener(routeHostname, *listenerHostname) {
-			matched [*listenerHostname]= struct{}{}
+			matched[*listenerHostname] = struct{}{}
 		} else if hostnamesMatchingRouteAndListener(*listenerHostname, routeHostname) {
 			// If the route hostname is a wildcard, check if it matches any listener hostname.
-			matched[routeHostname]= struct{}{}
+			matched[routeHostname] = struct{}{}
 		}
 	}
 	result := make([]string, len(matched))
@@ -225,7 +225,7 @@ func hostnamesMatchingRouteAndListener(pattern, hostname string) bool {
 	}
 
 	// pattern is of the form "*.example.com"
-	return strings.HasSuffix(hostname, pattern[1:]) 
+	return strings.HasSuffix(hostname, pattern[1:])
 }
 
 func ConvertSliceWithFunc[U, V any](arg []U, f func(U) V) []V {

k8s/gate/utils/utils_test.go

@@ -14,11 +14,10 @@
 package utils // revive:disable:var-naming
 
 import (
+	"slices"
 	"testing"
 	"time"
 
-	"slices"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
@@ -70,8 +69,7 @@ func TestSortByCreationTimestamp_Gateways_SameTimestamp(t *testing.T) {
 	}
 }
 
-
-func TestGetHostnamesForRouteWithListener	(t *testing.T) {
+func TestGetHostnamesForRouteWithListener(t *testing.T) {
 	hostname := "test.example.com"
 	hostnameWildCard := "*.example.com"
 	otherHostname := "other.example.com"
@@ -81,25 +79,25 @@ func TestGetHostnamesForRouteWithListener	(t *testing.T) {
 
 	for i, test := range []struct {
 		listenerHostname *string
-		routeHostnames []string
-		expected      []string    
+		routeHostnames   []string
+		expected         []string
 	}{
-		{&hostname, []string{} , []string{hostname}},
-		{&hostname, []string{hostname} , []string{hostname}},
-		{&hostname, []string{hostname,otherHostname}, []string{hostname}},
-		{nil, []string{hostname,fooHostname} , []string{hostname,fooHostname}},
-		{nil, []string{} , []string{}},
-		{&hostnameWildCard, []string{} , []string{hostnameWildCard}},
-		{&hostnameWildCard, []string{hostname} , []string{hostname}},
-		{&hostnameWildCard, []string{hostname,fooExtendedHostname,otherOrgHostname} , []string{fooExtendedHostname, hostname}},
-		{&hostname, []string{hostnameWildCard} , []string{hostname}},
-		{&hostname, []string{hostnameWildCard,hostname} , []string{hostname}},
-		{&hostname, []string{hostnameWildCard, otherHostname,otherOrgHostname}, []string{hostname}},
-		{&hostnameWildCard, []string{hostnameWildCard} , []string{hostnameWildCard}},
-		{&hostnameWildCard, []string{"*.foo.com"} , []string{}},
+		{&hostname, []string{}, []string{hostname}},
+		{&hostname, []string{hostname}, []string{hostname}},
+		{&hostname, []string{hostname, otherHostname}, []string{hostname}},
+		{nil, []string{hostname, fooHostname}, []string{hostname, fooHostname}},
+		{nil, []string{}, []string{}},
+		{&hostnameWildCard, []string{}, []string{hostnameWildCard}},
+		{&hostnameWildCard, []string{hostname}, []string{hostname}},
+		{&hostnameWildCard, []string{hostname, fooExtendedHostname, otherOrgHostname}, []string{fooExtendedHostname, hostname}},
+		{&hostname, []string{hostnameWildCard}, []string{hostname}},
+		{&hostname, []string{hostnameWildCard, hostname}, []string{hostname}},
+		{&hostname, []string{hostnameWildCard, otherHostname, otherOrgHostname}, []string{hostname}},
+		{&hostnameWildCard, []string{hostnameWildCard}, []string{hostnameWildCard}},
+		{&hostnameWildCard, []string{"*.foo.com"}, []string{}},
 	} {
 		if result := GetHostnamesForRouteWithListener(test.listenerHostname, test.routeHostnames); !slices.Equal(result, test.expected) {
 			t.Errorf("test #%d, Expected %s, got %s", i, test.expected, result)
 		}
 	}
-}
+}