Bug 1392395 – [networking_public_222] The host which matches more in the wildcard routes should win the routing

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1392395 - [networking_public_222] The host which matches more in the wildcard routes should win the routing

Summary:	[networking_public_222] The host which matches more in the wildcard routes sh...

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Routing (Show other bugs)
Sub Component:
Version:	3.4.0
Hardware:	Unspecified Unspecified

Priority	medium Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Ram Ranganathan
QA Contact:	Meng Bo
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-11-07 07:38 EST by Meng Bo
Modified:	2017-03-08 13 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-01-18 07:50:30 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Origin (Github)	11819	None	None	None	2016-11-08 08:58 EST
Red Hat Product Errata	RHBA-2017:0066	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.4 RPM Release Advisory	2017-01-18 12:23:26 EST

Groups: None (edit)

Description Meng Bo 2016-11-07 07:38:50 EST

Description of problem:
Given I create a domain with wildcard policy enabled and host is *.test.wildcard.com 
When another user who creates a new route with host is *.wildcard.com
Then the route will always point to the latter one.

Version-Release number of selected component (if applicable):
oc v3.4.0.22+5c56720
kubernetes v1.4.0+776c994
ose-haproxy-router:v3.4.0.22

How reproducible:
always

Steps to Reproduce:
1. Setup the router with wildcard route allowed
2. Create pod and service in user1's project1
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json
3. Create wildcard route in user1's project1
$ oc create -f route.json
cat route.json
{
        "kind": "Route",
        "apiVersion": "v1",
        "metadata": {
                "name": "route"
        },
        "spec": {
                "wildcardPolicy": "Subdomain",
                "host": "unsecure.test2.wildcard.com",
                "to": {
                        "kind": "Service",
                        "name": "service-unsecure"
                }
        }
}

4. Access the route aaa.test2.wildcard.com

5. Create pod and service in user2's project2
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker-2.json
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json
6. Create wildcard route in user2's project2
$ oc create -f route2.json
cat route2.json
{
        "kind": "Route",
        "apiVersion": "v1",
        "metadata": {
                "name": "route"
        },
        "spec": {
                "wildcardPolicy": "Subdomain",
                "host": "unsecure.wildcard.com",
                "to": {
                        "kind": "Service",
                        "name": "service-unsecure"
                }
        }
}

7. Access the route aaa.test2.wildcard.com


Actual results:
4. Will point to the pod in user1's project1 when accessing the aaa.test2.wildcard.com
7. It will point to the pod in user2's project2 when accessing the aaa.test2.wildcard.com

Expected results:
The host which matches more should win the route. Or the older one should win the route.

Additional info:

Comment 1 Ram Ranganathan 2016-11-08 03:09:10 EST

Fixed in PR: https://github.com/openshift/origin/pull/11819

Comment 2 Troy Dawson 2016-11-09 14:51:18 EST

This has been merged into ose and is in OSE v3.4.0.24 or newer.

Comment 4 Meng Bo 2016-11-09 22:22:31 EST

Checked on ocp build v3.4.0.24, issue has been fixed.

$ curl --resolve www.test.wildcard.com:80:10.66.140.165 http://www.test.wildcard.com
Hello-OpenShift-1 http-8080
$ curl --resolve aaa.test.wildcard.com:80:10.66.140.165 http://aaa.test.wildcard.com
Hello-OpenShift-1 http-8080


$ curl --resolve unsecure.wildcard.com:80:10.66.140.165 http://unsecure.wildcard.com
Hello-OpenShift-2 http-8080
$ curl --resolve xxx.wildcard.com:80:10.66.140.165 http://xxx.wildcard.com 
Hello-OpenShift-2 http-8080

Comment 6 errata-xmlrpc 2017-01-18 07:50:30 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066

Note You need to log in before you can comment on or make changes to this bug.