Merge pull request #4174 from shuqz/main

k8s-ci-robot · web-flow · commit 66c541d6aa62 · 2025-05-08T17:45:14.000-07:00
[feat gw-api] add hostname handling logic
diff --git a/pkg/gateway/model/model_build_listener.go b/pkg/gateway/model/model_build_listener.go
@@ -165,6 +165,10 @@ func (l listenerBuilderImpl) buildL4ListenerSpec(ctx context.Context, stack core
 }
 
 func (l listenerBuilderImpl) buildListenerRules(stack core.Stack, ls *elbv2model.Listener, lb *elbv2model.LoadBalancer, securityGroups securityGroupOutput, gw *gwv1.Gateway, port int32, lbCfg elbv2gw.LoadBalancerConfiguration, routes map[int32][]routeutils.RouteDescriptor) error {
+
+	// add hostname handling (sort by precedence order)
+	sortRoutesByHostnamePrecedence(routes[port])
+
 	// TODO for L7 Gateway Implementation
 	// This is throw away code
 	// This is temporary implementation for supporting basic multiple HTTPRoute for simple backend refs. We will create default forward action for all the backend refs for all HTTPRoutes for this listener
@@ -185,6 +189,21 @@ func (l listenerBuilderImpl) buildListenerRules(stack core.Stack, ls *elbv2model
 						},
 					},
 					}
+
+					// add host header condition
+					if hostnames := descriptor.GetHostnames(); len(hostnames) > 0 {
+						hostnamesStringList := make([]string, len(descriptor.GetHostnames()))
+						for i, j := range descriptor.GetHostnames() {
+							hostnamesStringList[i] = string(j)
+						}
+						conditions = append(conditions, elbv2model.RuleCondition{
+							Field: elbv2model.RuleConditionFieldHostHeader,
+							HostHeaderConfig: &elbv2model.HostHeaderConditionConfig{
+								Values: hostnamesStringList,
+							},
+						})
+					}
+
 					actions := buildL4ListenerDefaultActions(targetGroup)
 					tags, tagsErr := l.tagHelper.getGatewayTags(lbCfg)
 					if tagsErr != nil {
diff --git a/pkg/gateway/model/utilities.go b/pkg/gateway/model/utilities.go
@@ -1,7 +1,9 @@
 package model
 
 import (
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/routeutils"
 	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
+	"sort"
 	"strings"
 )
 
@@ -18,3 +20,25 @@ func isIPv6Supported(ipAddressType elbv2model.IPAddressType) bool {
 func isIPv6CIDR(cidr string) bool {
 	return strings.Contains(cidr, ":")
 }
+
+func sortRoutesByHostnamePrecedence(routes []routeutils.RouteDescriptor) {
+	sort.SliceStable(routes, func(i, j int) bool {
+		hostnameOne := routes[i].GetHostnames()
+		hostnameTwo := routes[j].GetHostnames()
+
+		if len(hostnameOne) == 0 && len(hostnameTwo) == 0 {
+			return false
+		}
+		if len(hostnameOne) == 0 {
+			return false
+		}
+		if len(hostnameTwo) == 0 {
+			return true
+		}
+		precedence := routeutils.GetHostnamePrecedenceOrder(string(hostnameOne[0]), string(hostnameTwo[0]))
+		if precedence != 0 {
+			return precedence < 0 // -1 means higher precedence
+		}
+		return false
+	})
+}
diff --git a/pkg/gateway/model/utilities_test.go b/pkg/gateway/model/utilities_test.go
@@ -0,0 +1,133 @@
+package model
+
+import (
+	"github.com/stretchr/testify/assert"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/routeutils"
+	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
+	"testing"
+)
+
+// Test IsIPv6Supported
+func Test_IsIPv6Supported(t *testing.T) {
+	tests := []struct {
+		name          string
+		ipAddressType elbv2model.IPAddressType
+		expected      bool
+	}{
+		{
+			name:          "DualStack should support IPv6",
+			ipAddressType: elbv2model.IPAddressTypeDualStack,
+			expected:      true,
+		},
+		{
+			name:          "DualStackWithoutPublicIPV4 should support IPv6",
+			ipAddressType: elbv2model.IPAddressTypeDualStackWithoutPublicIPV4,
+			expected:      true,
+		},
+		{
+			name:          "IPv4 should not support IPv6",
+			ipAddressType: elbv2model.IPAddressTypeIPV4,
+			expected:      false,
+		},
+		{
+			name:          "Empty address type should not support IPv6",
+			ipAddressType: "",
+			expected:      false,
+		},
+		{
+			name:          "Unknown address type should not support IPv6",
+			ipAddressType: "unknown",
+			expected:      false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := isIPv6Supported(tt.ipAddressType)
+			assert.Equal(t, tt.expected, got, "isIPv6Supported() = %v, want %v", got, tt.expected)
+		})
+	}
+}
+
+// Test SortRoutesByHostnamePrecedence
+func Test_SortRoutesByHostnamePrecedence(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    []routeutils.RouteDescriptor
+		expected []routeutils.RouteDescriptor
+	}{
+		{
+			name:     "empty routes",
+			input:    []routeutils.RouteDescriptor{},
+			expected: []routeutils.RouteDescriptor{},
+		},
+		{
+			name: "routes with no hostnames",
+			input: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{}},
+				&routeutils.MockRoute{Hostnames: []string{}},
+			},
+			expected: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{}},
+				&routeutils.MockRoute{Hostnames: []string{}},
+			},
+		},
+		{
+			name: "mix of empty and non-empty hostnames",
+			input: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{}},
+				&routeutils.MockRoute{Hostnames: []string{"example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"test.com"}},
+			},
+			expected: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{"example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"test.com"}},
+				&routeutils.MockRoute{Hostnames: []string{}},
+			},
+		},
+		{
+			name: "with and without wildcard hostnames",
+			input: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{"*.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"test.example.com"}},
+			},
+			expected: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{"test.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"*.example.com"}},
+			},
+		},
+		{
+			name: "complex mixed hostnames",
+			input: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{"*.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{}},
+				&routeutils.MockRoute{Hostnames: []string{"test.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"another.example.com"}},
+			},
+			expected: []routeutils.RouteDescriptor{
+				&routeutils.MockRoute{Hostnames: []string{"another.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"test.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{"*.example.com"}},
+				&routeutils.MockRoute{Hostnames: []string{}},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create a copy of input to avoid modifying the test case data
+			actual := make([]routeutils.RouteDescriptor, len(tt.input))
+			copy(actual, tt.input)
+
+			// Execute the sort
+			sortRoutesByHostnamePrecedence(actual)
+
+			// Verify the result
+			assert.Equal(t, tt.expected, actual, "sorted routes should match expected order")
+
+			// Verify stability of sort
+			sortRoutesByHostnamePrecedence(actual)
+			assert.Equal(t, tt.expected, actual, "second sort should maintain the same order (stable sort)")
+		})
+	}
+}
diff --git a/pkg/gateway/routeutils/listener_attachment_helper.go b/pkg/gateway/routeutils/listener_attachment_helper.go
@@ -32,14 +32,33 @@ func newListenerAttachmentHelper(k8sClient client.Client, logger logr.Logger) li
 // listenerAllowsAttachment utility method to determine if a listener will allow a route to connect using
 // Gateway API rules to determine compatibility between lister and route.
 func (attachmentHelper *listenerAttachmentHelperImpl) listenerAllowsAttachment(ctx context.Context, gw gwv1.Gateway, listener gwv1.Listener, route preLoadRouteDescriptor) (bool, error) {
+	// check namespace
 	namespaceOK, err := attachmentHelper.namespaceCheck(ctx, gw, listener, route)
 	if err != nil {
 		return false, err
 	}
 	if !namespaceOK {
 		return false, nil
 	}
-	return attachmentHelper.kindCheck(listener, route), nil
+
+	// check kind
+	kindOK := attachmentHelper.kindCheck(listener, route)
+	if !kindOK {
+		return false, nil
+	}
+
+	// check hostname
+	if (route.GetRouteKind() == HTTPRouteKind || route.GetRouteKind() == GRPCRouteKind || route.GetRouteKind() == TLSRouteKind) && route.GetHostnames() != nil {
+		hostnameOK, err := attachmentHelper.hostnameCheck(listener, route)
+		if err != nil {
+			return false, err
+		}
+		if !hostnameOK {
+			return false, nil
+		}
+	}
+
+	return true, nil
 }
 
 // namespaceCheck namespace check implements the Gateway API spec for namespace matching between listener
@@ -104,3 +123,35 @@ func (attachmentHelper *listenerAttachmentHelperImpl) kindCheck(listener gwv1.Li
 	}
 	return allowedRoutes.Has(route.GetRouteKind())
 }
+
+func (attachmentHelper *listenerAttachmentHelperImpl) hostnameCheck(listener gwv1.Listener, route preLoadRouteDescriptor) (bool, error) {
+	// A route can attach to listener if it does not have hostname or listener does not have hostname
+	if listener.Hostname == nil || len(route.GetHostnames()) == 0 {
+		return true, nil
+	}
+
+	// validate listener hostname, return if listener hostname is not valid
+	isListenerHostnameValid, err := IsHostNameInValidFormat(string(*listener.Hostname))
+	if err != nil {
+		attachmentHelper.logger.Error(err, "listener hostname is not valid", "listener", listener.Name, "hostname", *listener.Hostname)
+		return false, err
+	}
+	if !isListenerHostnameValid {
+		return false, nil
+	}
+
+	for _, hostname := range route.GetHostnames() {
+		// validate route hostname, skip invalid hostname
+		isHostnameValid, err := IsHostNameInValidFormat(string(hostname))
+		if err != nil || !isHostnameValid {
+			attachmentHelper.logger.V(1).Info("route hostname is not valid, continue...", "route", route.GetRouteNamespacedName(), "hostname", hostname)
+			continue
+		}
+
+		// check if two hostnames have overlap (compatible)
+		if isHostnameCompatible(string(hostname), string(*listener.Hostname)) {
+			return true, nil
+		}
+	}
+	return false, nil
+}
diff --git a/pkg/gateway/routeutils/loader.go b/pkg/gateway/routeutils/loader.go
@@ -71,9 +71,9 @@ func NewLoader(k8sClient client.Client, logger logr.Logger) Loader {
 // LoadRoutesForGateway loads all relevant data for a single Gateway.
 func (l *loaderImpl) LoadRoutesForGateway(ctx context.Context, gw gwv1.Gateway, filter LoadRouteFilter) (map[int32][]RouteDescriptor, error) {
 	// 1. Load all relevant routes according to the filter
+
 	loadedRoutes := make([]preLoadRouteDescriptor, 0)
 	for route, loader := range l.allRouteLoaders {
-
 		applicable := filter.IsApplicable(route)
 		l.logger.V(1).Info("Processing route", "route", route, "is applicable", applicable)
 		if applicable {
diff --git a/pkg/gateway/routeutils/mock_route.go b/pkg/gateway/routeutils/mock_route.go
@@ -9,6 +9,7 @@ type MockRoute struct {
 	Kind      RouteKind
 	Name      string
 	Namespace string
+	Hostnames []string
 }
 
 func (m *MockRoute) GetBackendRefs() []gwv1.BackendRef {
@@ -28,8 +29,11 @@ func (m *MockRoute) GetRouteKind() RouteKind {
 }
 
 func (m *MockRoute) GetHostnames() []gwv1.Hostname {
-	//TODO implement me
-	panic("implement me")
+	hostnames := make([]gwv1.Hostname, len(m.Hostnames))
+	for i, h := range m.Hostnames {
+		hostnames[i] = gwv1.Hostname(h)
+	}
+	return hostnames
 }
 
 func (m *MockRoute) GetParentRefs() []gwv1.ParentReference {
diff --git a/pkg/gateway/routeutils/utils.go b/pkg/gateway/routeutils/utils.go
@@ -5,7 +5,9 @@ import (
 	"fmt"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"net"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
 )
 
 // ListL4Routes retrieves all Layer 4 routes (TCP, UDP, TLS) from the cluster.
@@ -87,3 +89,74 @@ func isServiceReferredByRoute(route preLoadRouteDescriptor, svcID types.Namespac
 	}
 	return false
 }
+
+// IsHostNameInValidFormat follows RFC1123 requirement except
+// 1. no IP allowed
+// 2. wildcard is only allowed as leftmost character
+// Allowed Characters: Hostname labels must only contain lowercase ASCII letters (a-z), digits (0-9), and hyphens (-).
+// Starting with a Digit: RFC 1123 allows labels to begin with a digit, which is a departure from the previous RFC 952 restriction.
+// Length: Each label in a hostname can be between 1 and 63 characters long.
+// Overall Hostname Length: The entire hostname, including the periods separating labels, cannot exceed 253 characters.
+// Case: Hostnames are case-insensitive.
+// Underscore: Underscores are not permitted in hostnames.
+// Other Symbols: No other symbols, punctuation, or whitespace is allowed in hostnames
+// Most of the requirements above is already checked by CRD pattern: Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+// Thus this function only checks for 1. if it is IP 2. label length is between 1 and 63
+func IsHostNameInValidFormat(hostName string) (bool, error) {
+	if net.ParseIP(hostName) != nil {
+
+		return false, fmt.Errorf("hostname can not be IP address")
+	}
+	labels := strings.Split(hostName, ".")
+	if strings.HasPrefix(hostName, "*.") {
+		labels = labels[1:]
+	}
+	for _, label := range labels {
+		if len(label) < 1 || len(label) > 63 {
+			return false, fmt.Errorf("invalid hostname label length, length must between 1 and 63")
+		}
+	}
+	return true, nil
+}
+
+// isHostnameCompatible checks if given two hostnames are compatible with each other
+// this function is used to check if listener hostname and Route hostname match
+func isHostnameCompatible(hostnameOne, hostnameTwo string) bool {
+	// exact match
+	if hostnameOne == hostnameTwo {
+		return true
+	}
+
+	// suffix match - hostnameOne is a wildcard
+	if strings.HasPrefix(hostnameOne, "*.") && strings.HasSuffix(hostnameTwo, hostnameOne[1:]) {
+		return true
+	}
+	// suffix match - hostnameTwo is a wildcard
+	if strings.HasPrefix(hostnameTwo, "*.") && strings.HasSuffix(hostnameOne, hostnameTwo[1:]) {
+		return true
+	}
+	return false
+}
+
+// GetHostnamePrecedenceOrder Hostname precedence ordering rule:
+// 1. non-wildcard has higher precedence than wildcard
+// 2. hostname with longer characters have higher precedence than those with shorter ones
+// -1 means hostnameOne has higher precedence, 1 means hostnameTwo has higher precedence, 0 means equal
+func GetHostnamePrecedenceOrder(hostnameOne, hostnameTwo string) int {
+	isHostnameOneWildcard := strings.HasPrefix(hostnameOne, "*.")
+	isHostnameTwoWildcard := strings.HasPrefix(hostnameTwo, "*.")
+
+	if !isHostnameOneWildcard && isHostnameTwoWildcard {
+		return -1
+	} else if isHostnameOneWildcard && !isHostnameTwoWildcard {
+		return 1
+	} else {
+		if len(hostnameOne) > len(hostnameTwo) {
+			return -1
+		} else if len(hostnameOne) < len(hostnameTwo) {
+			return 1
+		} else {
+			return 0
+		}
+	}
+}
diff --git a/pkg/gateway/routeutils/utils_test.go b/pkg/gateway/routeutils/utils_test.go

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ type MockRoute struct {`
`9`	`9`	`Kind RouteKind`
`10`	`10`	`Name string`
`11`	`11`	`Namespace string`
	`12`	`+ Hostnames []string`
`12`	`13`	`}`
`13`	`14`
`14`	`15`	`func (m *MockRoute) GetBackendRefs() []gwv1.BackendRef {`
`@@ -28,8 +29,11 @@ func (m *MockRoute) GetRouteKind() RouteKind {`
`28`	`29`	`}`
`29`	`30`
`30`	`31`	`func (m *MockRoute) GetHostnames() []gwv1.Hostname {`
`31`		`- //TODO implement me`
`32`		`- panic("implement me")`
	`32`	`+ hostnames := make([]gwv1.Hostname, len(m.Hostnames))`
	`33`	`+ for i, h := range m.Hostnames {`
	`34`	`+ hostnames[i] = gwv1.Hostname(h)`
	`35`	`+ }`
	`36`	`+ return hostnames`
`33`	`37`	`}`
`34`	`38`
`35`	`39`	`func (m *MockRoute) GetParentRefs() []gwv1.ParentReference {`