Introduce PreciseHostname field to support differences between a wild…

…card value and precise value for hostnames. Updates the HTTPRequestRedirectFilter.Hostname to use the new PreciseHostname type which validates the value cannot contain wildcard characters. Signed-off-by: Steve Sloka <slokas@vmware.com>
kubernetes-sigs · Dec 17, 2021 · c4e4ae6 · c4e4ae6
1 parent 1deb7bc
commit c4e4ae6
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 6 deletions.
diff --git a/apis/v1alpha2/httproute_types.go b/apis/v1alpha2/httproute_types.go
@@ -740,7 +740,7 @@ type HTTPRequestRedirectFilter struct {
 	// Support: Core
 	//
 	// +optional
-	Hostname *Hostname `json:"hostname,omitempty"`
+	Hostname *PreciseHostname `json:"hostname,omitempty"`
 
 	// Path defines parameters used to modify the path of the incoming request.
 	// The modified path is then used to construct the `Location` header. When

diff --git a/apis/v1alpha2/shared_types.go b/apis/v1alpha2/shared_types.go
@@ -252,6 +252,24 @@ type RouteStatus struct {
 // +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 type Hostname string
 
+// PreciseHostname is the fully qualified domain name of a network host. This matches
+// the RFC 1123 definition of a hostname with 2 notable exceptions:
+//
+// 1. IPs are not allowed.
+// 2. A hostname may not be prefixed with a wildcard label (`*.`).
+//
+// Hostname can be "precise" which is a domain name without the terminating
+// dot of a network host (e.g. "foo.example.com").
+//
+// Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+// alphanumeric characters or '-', and must start and end with an alphanumeric
+// character. No other punctuation is allowed.
+//
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type PreciseHostname string
+
 // Group refers to a Kubernetes Group. It must either be an empty string or a
 // RFC 1123 subdomain.
 //

diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go
diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml
diff --git a/config/crd/stable/gateway.networking.k8s.io_httproutes.yaml b/config/crd/stable/gateway.networking.k8s.io_httproutes.yaml
diff --git a/hack/invalid-examples/v1alpha2/httproute/invalid-httredirect-hostname.yaml b/hack/invalid-examples/v1alpha2/httproute/invalid-httredirect-hostname.yaml
@@ -0,0 +1,14 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: HTTPRoute
+metadata:
+  name: invalid-backend-port
+spec:
+  rules:
+  - backendRefs:
+    - name: my-service
+      port: 8080
+    filters:
+    - type: RequestRedirect
+      requestRedirect:
+        hostname: "*.gateway.networking.k8s.io"
+