fix(router): fix tls_passthrough in expression flavor (#11538)
Fix an issue where the `tls_passthrough` protocol does not work with the expressions flavor

KAG-2561
See: Kong/kubernetes-ingress-controller#4574 (comment)

(cherry picked from commit 66795cd)
chronolaw authored and windmgc committed Sep 19, 2023
1 parent c90cb67 commit d8cf3aa
Showing 4 changed files with 79 additions and 3 deletions.
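--- a/CHANGELOG/unreleased/kong/11538.yaml
+++ b/CHANGELOG/unreleased/kong/11538.yaml
@@ -0,0 +1,7 @@
+message: Fix an issue that protocol `tls_passthrough` can not work with expressions flavor
+type: bugfix
+scope: Core
+prs:
+- 11538
+jiras:
+- "KAG-2561"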
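--- a/kong/router/expressions.lua
+++ b/kong/router/expressions.lua
@@ -32,7 +32,9 @@ local function get_exp_and_priority(route)
 -- give the chance for http redirection (301/302/307/308/426)
 -- and allow tcp works with tls
 if protocols and #protocols == 1 and
-(protocols[1] == "https" or protocols[1] == "tls")
+(protocols[1] == "https" or
+protocols[1] == "tls" or
+protocols[1] == "tls_passthrough")
 then
 return exp, route.priority
 end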
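Review bot: The comment above this condition still justifies the early return only for http redirection and tcp-over-tls, so nothing next to the check explains why `tls_passthrough` now takes the same path. I would extend it with a line such as `-- tls_passthrough is routed on the preread SNI, so it keeps the bare expression like tls`. Because the early return hands back `exp` without whatever protocol term the rest of get_exp_and_priority adds (its body starts and ends outside this hunk, so that is inferred), a `tls` route and a `tls_passthrough` route with the same `tls.sni` expression would presumably be indistinguishable to the matcher; it is worth confirming that priority or schema validation resolves that case deterministically, since one path terminates TLS at the gateway and the other does not.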
69 changes: 68 additions & 1 deletion spec/01-unit/08-router_spec.lua
@@ -4860,7 +4860,74 @@ end
do
local flavor = "expressions"

describe("Router (flavor = " .. flavor .. ")", function()
describe("Router (flavor = " .. flavor .. ") [stream]", function()
reload_router(flavor, "stream")

local use_case, router

local service = {
name = "service-invalid",
protocol = "tcp",
}

lazy_setup(function()
use_case = {
{
service = service,
route = {
id = "e8fb37f1-102d-461e-9c51-6608a6bb8101",
protocols = { "tls" },
expression = [[tls.sni == "www.example.com"]],
priority = 100,
},
},
{
service = service,
route = {
id = "e8fb37f1-102d-461e-9c51-6608a6bb8102",
protocols = { "tls_passthrough" },
expression = [[tls.sni == "www.example.org"]],
priority = 100,
},
},
}

router = assert(new_router(use_case))
end)

it("exec() should match tls with tls.sni", function()
local _ngx = {
var = {
remote_port = 1000,
server_port = 1000,
ssl_preread_server_name = "www.example.com",
},
}
router._set_ngx(_ngx)
local match_t = router:exec()
assert.truthy(match_t)

assert.same(use_case[1].route, match_t.route)
end)

it("exec() should match tls_passthrough with tls.sni", function()
local _ngx = {
var = {
remote_port = 1000,
server_port = 1000,
ssl_preread_server_name = "www.example.org",
},
}
router._set_ngx(_ngx)
local match_t = router:exec()
assert.truthy(match_t)

assert.same(use_case[2].route, match_t.route)
end)

end)

describe("Router (flavor = " .. flavor .. ") [http]", function()
reload_router(flavor)

local use_case, router
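Review bot: The new `[stream]` block asserts only the two positive matches, so nothing pins what the router does for a server name that neither route declares. Adding a negative case (the `www.example.net` below is a constructed sample) would show that an unlisted, client-supplied SNI selects no route on the stream path; a nil result from `router:exec()` is what I would expect, but that should be confirmed against the other specs in this file. The `[stream]` describe is complete within the hunk, while the `[http]` describe that follows continues past it.

```lua
-- … unchanged: the two positive exec() cases for tls and tls_passthrough …

it("exec() should not match an undeclared tls.sni", function()
  local _ngx = {
    var = {
      remote_port = 1000,
      server_port = 1000,
      ssl_preread_server_name = "www.example.net",
    },
  }
  router._set_ngx(_ngx)
  assert.falsy(router:exec())
end)
```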
2 changes: 1 addition & 1 deletion spec/02-integration/05-proxy/02-router_spec.lua
@@ -1410,7 +1410,7 @@ for _, strategy in helpers.each_strategy() do
end
end)

it_trad_only("matches a Route based on its 'snis' attribute", function()
it("matches a Route based on its 'snis' attribute", function()
-- config propagates to stream subsystems not instantly
-- try up to 10 seconds with step of 2 seconds
-- in vagrant it takes around 6 seconds