Bug 1392395 - [networking_public_222] The host which matches more in the wildcard routes should win the routing
Summary: [networking_public_222] The host which matches more in the wildcard routes sh...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: ---
Assignee: Ram Ranganathan
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-07 12:38 UTC by Meng Bo
Modified: 2022-08-04 22:20 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2017-01-18 12:50:30 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 11819 0 None None None 2016-11-08 13:58:28 UTC
Red Hat Product Errata RHBA-2017:0066 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.4 RPM Release Advisory 2017-01-18 17:23:26 UTC

Description Meng Bo 2016-11-07 12:38:50 UTC 
Description of problem:
Given I create a domain with wildcard policy enabled and host is *.test.wildcard.com 
When another user who creates a new route with host is *.wildcard.com
Then the route will always point to the latter one.

Version-Release number of selected component (if applicable):
oc v3.4.0.22+5c56720
kubernetes v1.4.0+776c994
ose-haproxy-router:v3.4.0.22

How reproducible:
always

Steps to Reproduce:
1. Setup the router with wildcard route allowed
2. Create pod and service in user1's project1
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json
3. Create wildcard route in user1's project1
$ oc create -f route.json
cat route.json
{
        "kind": "Route",
        "apiVersion": "v1",
        "metadata": {
                "name": "route"
        },
        "spec": {
                "wildcardPolicy": "Subdomain",
                "host": "unsecure.test2.wildcard.com",
                "to": {
                        "kind": "Service",
                        "name": "service-unsecure"
                }
        }
}

4. Access the route aaa.test2.wildcard.com

5. Create pod and service in user2's project2
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker-2.json
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json
6. Create wildcard route in user2's project2
$ oc create -f route2.json
cat route2.json
{
        "kind": "Route",
        "apiVersion": "v1",
        "metadata": {
                "name": "route"
        },
        "spec": {
                "wildcardPolicy": "Subdomain",
                "host": "unsecure.wildcard.com",
                "to": {
                        "kind": "Service",
                        "name": "service-unsecure"
                }
        }
}

7. Access the route aaa.test2.wildcard.com


Actual results:
4. Will point to the pod in user1's project1 when accessing the aaa.test2.wildcard.com
7. It will point to the pod in user2's project2 when accessing the aaa.test2.wildcard.com

Expected results:
The host which matches more should win the route. Or the older one should win the route.

Additional info:
Comment 1 Ram Ranganathan 2016-11-08 08:09:10 UTC 
Fixed in PR: https://github.com/openshift/origin/pull/11819
Comment 2 Troy Dawson 2016-11-09 19:51:18 UTC 
This has been merged into ose and is in OSE v3.4.0.24 or newer.
Comment 4 Meng Bo 2016-11-10 03:22:31 UTC 
Checked on ocp build v3.4.0.24, issue has been fixed.

$ curl --resolve www.test.wildcard.com:80:10.66.140.165 http://www.test.wildcard.com
Hello-OpenShift-1 http-8080
$ curl --resolve aaa.test.wildcard.com:80:10.66.140.165 http://aaa.test.wildcard.com
Hello-OpenShift-1 http-8080


$ curl --resolve unsecure.wildcard.com:80:10.66.140.165 http://unsecure.wildcard.com
Hello-OpenShift-2 http-8080
$ curl --resolve xxx.wildcard.com:80:10.66.140.165 http://xxx.wildcard.com 
Hello-OpenShift-2 http-8080
Comment 6 errata-xmlrpc 2017-01-18 12:50:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066
Note You need to log in before you can comment on or make changes to this bug.