Fix haproxy router config manager issue where sanitize pems don't match when

ramr · ramr · commit fc23518bb478 · 2018-08-14T17:51:54.000-07:00
extended validation is enabled (causes a reload where none is needed).
fixes bugz #1615802
diff --git a/pkg/cmd/infra/router/template.go b/pkg/cmd/infra/router/template.go
@@ -468,6 +468,7 @@ func (o *TemplateRouterOptions) Run() error {
 			BlueprintRoutePoolSize: o.BlueprintRoutePoolSize,
 			MaxDynamicServers:      o.MaxDynamicServers,
 			WildcardRoutesAllowed:  o.AllowWildcardRoutes,
+			ExtendedValidation:     o.ExtendedValidation,
 		}
 		cfgManager = haproxyconfigmanager.NewHAProxyConfigManager(cmopts)
 		if len(o.BlueprintRouteNamespace) > 0 {
diff --git a/pkg/router/template/configmanager/haproxy/manager.go b/pkg/router/template/configmanager/haproxy/manager.go
@@ -15,6 +15,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	routeapi "github.com/openshift/origin/pkg/route/apis/route"
+	"github.com/openshift/origin/pkg/route/apis/route/validation"
 	templaterouter "github.com/openshift/origin/pkg/router/template"
 	templateutil "github.com/openshift/origin/pkg/router/template/util"
 )
@@ -119,6 +120,9 @@ type haproxyConfigManager struct {
 	// wildcardRoutesAllowed indicates if wildcard routes are allowed.
 	wildcardRoutesAllowed bool
 
+	// extendedValidation indicates if extended route validation is enabled.
+	extendedValidation bool
+
 	// router is the associated template router.
 	router templaterouter.RouterInterface
 
@@ -154,10 +158,11 @@ func NewHAProxyConfigManager(options templaterouter.ConfigManagerOptions) *hapro
 	return &haproxyConfigManager{
 		connectionInfo:         options.ConnectionInfo,
 		commitInterval:         options.CommitInterval,
-		blueprintRoutes:        buildBlueprintRoutes(options.BlueprintRoutes),
+		blueprintRoutes:        buildBlueprintRoutes(options.BlueprintRoutes, options.ExtendedValidation),
 		blueprintRoutePoolSize: options.BlueprintRoutePoolSize,
 		maxDynamicServers:      options.MaxDynamicServers,
 		wildcardRoutesAllowed:  options.WildcardRoutesAllowed,
+		extendedValidation:     options.ExtendedValidation,
 		defaultCertificate:     "",
 
 		client:           client,
@@ -199,6 +204,14 @@ func (cm *haproxyConfigManager) AddBlueprint(route *routeapi.Route) {
 	newRoute.Namespace = blueprintRoutePoolNamespace
 	newRoute.Spec.Host = ""
 
+	if cm.extendedValidation {
+		if err := validateBlueprintRoute(newRoute); err != nil {
+			glog.Errorf("Skipping blueprint route %s/%s due to invalid configuration: %v",
+				route.Namespace, route.Name, err)
+			return
+		}
+	}
+
 	cm.lock.Lock()
 	existingBlueprints := cm.blueprintRoutes
 	cm.lock.Unlock()
@@ -915,8 +928,23 @@ func (entry *routeBackendEntry) BuildMapAssociations(route *routeapi.Route) {
 	}
 }
 
+// validateBlueprint runs extended validation on a blueprint route.
+func validateBlueprintRoute(route *routeapi.Route) error {
+	errs := validation.ExtendedValidateRoute(route)
+	if len(errs) > 0 {
+		errmsg := ""
+		for i := 0; i < len(errs); i++ {
+			errmsg = errmsg + "\n  - " + errs[i].Error()
+		}
+
+		return fmt.Errorf(errmsg)
+	}
+
+	return nil
+}
+
 // buildBlueprintRoutes generates a list of blueprint routes.
-func buildBlueprintRoutes(customRoutes []*routeapi.Route) []*routeapi.Route {
+func buildBlueprintRoutes(customRoutes []*routeapi.Route, validate bool) []*routeapi.Route {
 	routes := make([]*routeapi.Route, 0)
 
 	// Add in defaults based on the different route termination types.
@@ -937,6 +965,13 @@ func buildBlueprintRoutes(customRoutes []*routeapi.Route) []*routeapi.Route {
 	for _, r := range customRoutes {
 		dolly := r.DeepCopy()
 		dolly.Namespace = blueprintRoutePoolNamespace
+		if validate {
+			if err := validateBlueprintRoute(dolly); err != nil {
+				glog.Errorf("Skipping blueprint route %s/%s due to invalid configuration: %v", r.Namespace, r.Name, err)
+				continue
+			}
+		}
+
 		routes = append(routes, dolly)
 	}
 
diff --git a/pkg/router/template/types.go b/pkg/router/template/types.go
@@ -166,6 +166,9 @@ type ConfigManagerOptions struct {
 
 	// WildcardRoutesAllowed indicates if wildcard routes are allowed.
 	WildcardRoutesAllowed bool
+
+	// ExtendedValidation indicates if extended route validation is enabled.
+	ExtendedValidation bool
 }
 
 // ConfigManager is used by the router to make configuration changes using

Original file line number	Diff line number	Diff line change
`@@ -468,6 +468,7 @@ func (o *TemplateRouterOptions) Run() error {`
`468`	`468`	`BlueprintRoutePoolSize: o.BlueprintRoutePoolSize,`
`469`	`469`	`MaxDynamicServers: o.MaxDynamicServers,`
`470`	`470`	`WildcardRoutesAllowed: o.AllowWildcardRoutes,`
	`471`	`+ ExtendedValidation: o.ExtendedValidation,`
`471`	`472`	`}`
`472`	`473`	`cfgManager = haproxyconfigmanager.NewHAProxyConfigManager(cmopts)`
`473`	`474`	`if len(o.BlueprintRouteNamespace) > 0 {`
Original file line number	Diff line number	Diff line change
`@@ -166,6 +166,9 @@ type ConfigManagerOptions struct {`
`166`	`166`
`167`	`167`	`// WildcardRoutesAllowed indicates if wildcard routes are allowed.`
`168`	`168`	`WildcardRoutesAllowed bool`
	`169`	`+`
	`170`	`+ // ExtendedValidation indicates if extended route validation is enabled.`
	`171`	`+ ExtendedValidation bool`
`169`	`172`	`}`
`170`	`173`
`171`	`174`	`// ConfigManager is used by the router to make configuration changes using`