lrc + transforms

Author: zac-nixon

docs/guide/gateway/l7gateway.md

@@ -186,7 +186,7 @@ information see the [Gateway API Conformance Page](https://gateway-api.sigs.k8s.
 | HTTPRouteRule - HTTPRouteFilter - ResponseHeaderModifier | Core              |                                                                                                                   ❌ |
 | HTTPRouteRule - HTTPRouteFilter - RequestMirror          | Extended          |                                                                                                                   ❌ |
 | HTTPRouteRule - HTTPRouteFilter - RequestRedirect        | Core              |                                                                                                                   ✅ |
-| HTTPRouteRule - HTTPRouteFilter - UrlRewrite             | Extended          |                                                                                                                   ❌ |
+| HTTPRouteRule - HTTPRouteFilter - UrlRewrite             | Extended          |                                                                                                                   ✅ |
 | HTTPRouteRule - HTTPRouteFilter - CORS                   | Extended          |                                                                                                                   ❌ |
 | HTTPRouteRule - HTTPRouteFilter - ExternalAuth           | Extended          |                                ❌ -- Use [ListenerRuleConfigurations](customization.md#customizing-l7-routing-rules) |
 | HTTPRouteRule - HTTPRouteFilter - ExtensionRef           | Core              |                      ✅ -- Use to attach [ListenerRuleConfigurations](customization.md#customizing-l7-routing-rules) |

main.go

@@ -278,7 +278,7 @@ func main() {
 		enabledControllers := sets.Set[string]{}
 
 		routeLoaderCreator := sync.OnceValue(func() routeutils.Loader {
-			return routeutils.NewLoader(mgr.GetClient(), routeReconciler, mgr.GetLogger().WithName("gateway-route-loader"))
+			return routeutils.NewLoader(mgr.GetClient(), routeReconciler, routeutils.NewRouteValidator(), mgr.GetLogger().WithName("gateway-route-loader"))
 		})
 
 		// Setup NLB Gateway controller if enabled

pkg/gateway/model/model_build_listener.go

@@ -272,6 +272,7 @@ func (l listenerBuilderImpl) buildListenerRules(ctx context.Context, stack core.
 		albRules = append(albRules, elbv2model.Rule{
 			Conditions: conditionsList,
 			Actions:    actions,
+			Transforms: routeutils.BuildRoutingRuleTransforms(route, ruleWithPrecedence),
 			Tags:       tags,
 		})
 
@@ -285,6 +286,7 @@ func (l listenerBuilderImpl) buildListenerRules(ctx context.Context, stack core.
 			Priority:    priority,
 			Conditions:  rule.Conditions,
 			Actions:     rule.Actions,
+			Transforms:  rule.Transforms,
 			Tags:        rule.Tags,
 		})
 		priority += 1

pkg/gateway/routeutils/loader.go

@@ -65,15 +65,17 @@ type loaderImpl struct {
 	routeSubmitter  RouteReconcilerSubmitter
 	k8sClient       client.Client
 	logger          logr.Logger
+	routeValidator  RouteValidator
 	allRouteLoaders map[RouteKind]func(context context.Context, client client.Client, opts ...client.ListOption) ([]preLoadRouteDescriptor, error)
 }
 
-func NewLoader(k8sClient client.Client, routeSubmitter RouteReconcilerSubmitter, logger logr.Logger) Loader {
+func NewLoader(k8sClient client.Client, routeSubmitter RouteReconcilerSubmitter, routeValidator RouteValidator, logger logr.Logger) Loader {
 	return &loaderImpl{
 		mapper:          newListenerToRouteMapper(k8sClient, logger.WithName("route-mapper")),
 		routeSubmitter:  routeSubmitter,
 		k8sClient:       k8sClient,
 		allRouteLoaders: allRoutes,
+		routeValidator:  routeValidator,
 		logger:          logger,
 	}
 }
@@ -82,7 +84,7 @@ func NewLoader(k8sClient client.Client, routeSubmitter RouteReconcilerSubmitter,
 func (l *loaderImpl) LoadRoutesForGateway(ctx context.Context, gw gwv1.Gateway, filter LoadRouteFilter, controllerName string) (*LoaderResult, error) {
 	// 1. Load all relevant routes according to the filter
 
-	loadedRoutes := make([]preLoadRouteDescriptor, 0)
+	foo := make([]preLoadRouteDescriptor, 0)
 
 	routeStatusUpdates := make([]RouteData, 0)
 
@@ -108,16 +110,20 @@ func (l *loaderImpl) LoadRoutesForGateway(ctx context.Context, gw gwv1.Gateway,
 			if err != nil {
 				return nil, err
 			}
-			loadedRoutes = append(loadedRoutes, data...)
+			foo = append(foo, data...)
 		}
 	}
 
-	// validate listeners configuration and get listener status
+	// 2. Validate listeners configuration and get listener status
 	listenerValidationResults := ValidateListeners(gw, controllerName, ctx, l.k8sClient)
 
-	// 2. Remove routes that aren't granted attachment by the listener.
+	// 3. Validate route configuration, filter out bad configurations.
+	validatedRoutes, validationErrors := l.routeValidator.filterToValidRoutes(gw, foo)
+	routeStatusUpdates = append(routeStatusUpdates, validationErrors...)
+
+	// 4. Remove routes that aren't granted attachment by the listener.
 	// Map any routes that are granted attachment to the listener port that allows the attachment.
-	mappedRoutes, statusUpdates, err := l.mapper.mapGatewayAndRoutes(ctx, gw, loadedRoutes)
+	mappedRoutes, statusUpdates, err := l.mapper.mapGatewayAndRoutes(ctx, gw, validatedRoutes)
 
 	routeStatusUpdates = append(routeStatusUpdates, statusUpdates...)
 
@@ -128,7 +134,7 @@ func (l *loaderImpl) LoadRoutesForGateway(ctx context.Context, gw gwv1.Gateway,
 	// Count attached routes per listener for listener status update
 	attachedRouteMap := buildAttachedRouteMap(gw, mappedRoutes)
 
-	// 3. Load the underlying resource(s) for each route that is configured.
+	// 5. Load the underlying resource(s) for each route that is configured.
 	loadedRoute, childRouteLoadUpdates, err := l.loadChildResources(ctx, mappedRoutes, gw)
 	routeStatusUpdates = append(routeStatusUpdates, childRouteLoadUpdates...)
 	if err != nil {

pkg/gateway/routeutils/loader_test.go

@@ -2,6 +2,7 @@ package routeutils
 
 import (
 	"context"
+	gwalpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 	"testing"
 	"time"
 
@@ -34,6 +35,7 @@ type mockRoute struct {
 	routeKind      RouteKind
 	generation     int64
 	hostnames      []gwv1.Hostname
+	route          interface{}
 }
 
 func (m *mockRoute) loadAttachedRules(context context.Context, k8sClient client.Client) (RouteDescriptor, []routeLoadError) {
@@ -71,8 +73,7 @@ func (m *mockRoute) GetRouteGeneration() int64 {
 }
 
 func (m *mockRoute) GetRawRoute() interface{} {
-	//TODO implement me
-	panic("implement me")
+	return m.route
 }
 
 func (m *mockRoute) GetAttachedRules() []RouteRule {
@@ -92,20 +93,23 @@ func TestLoadRoutesForGateway(t *testing.T) {
 				Name:      "http1",
 			},
 			routeKind: HTTPRouteKind,
+			route:     &gwv1.HTTPRoute{},
 		},
 		&mockRoute{
 			namespacedName: types.NamespacedName{
 				Namespace: "http2-ns",
 				Name:      "http2",
 			},
 			routeKind: HTTPRouteKind,
+			route:     &gwv1.HTTPRoute{},
 		},
 		&mockRoute{
 			namespacedName: types.NamespacedName{
 				Namespace: "http3-ns",
 				Name:      "http3",
 			},
 			routeKind: HTTPRouteKind,
+			route:     &gwv1.HTTPRoute{},
 		},
 	}
 
@@ -122,20 +126,23 @@ func TestLoadRoutesForGateway(t *testing.T) {
 				Name:      "tcp1",
 			},
 			routeKind: TCPRouteKind,
+			route:     &gwalpha2.TCPRoute{},
 		},
 		&mockRoute{
 			namespacedName: types.NamespacedName{
 				Namespace: "tcp2-ns",
 				Name:      "tcp2",
 			},
 			routeKind: TCPRouteKind,
+			route:     &gwalpha2.TCPRoute{},
 		},
 		&mockRoute{
 			namespacedName: types.NamespacedName{
 				Namespace: "tcp3-ns",
 				Name:      "tcp3",
 			},
 			routeKind: TCPRouteKind,
+			route:     &gwalpha2.TCPRoute{},
 		},
 	}
 
@@ -292,6 +299,7 @@ func TestLoadRoutesForGateway(t *testing.T) {
 					mapToReturn:        tc.expectedPreloadMap,
 					routeStatusUpdates: tc.mapperRouteStatusUpdates,
 				},
+				routeValidator:  NewRouteValidator(),
 				allRouteLoaders: allRouteLoaders,
 				logger:          logr.Discard(),
 				routeSubmitter:  routeReconciler,

pkg/gateway/routeutils/mock_route.go

@@ -1,8 +1,10 @@
 package routeutils
 
 import (
+	"context"
 	"k8s.io/apimachinery/pkg/types"
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 	"time"
 )
@@ -32,10 +34,16 @@ type MockRoute struct {
 	Name         string
 	Namespace    string
 	Hostnames    []string
+	Route        interface{}
 	CreationTime time.Time
 	Rules        []RouteRule
 }
 
+func (m *MockRoute) loadAttachedRules(_ context.Context, k8sClient client.Client) (RouteDescriptor, []routeLoadError) {
+	//TODO implement me
+	panic("implement me")
+}
+
 func (m *MockRoute) GetBackendRefs() []gwv1.BackendRef {
 	//TODO implement me
 	panic("implement me")
@@ -71,8 +79,7 @@ func (m *MockRoute) GetParentRefs() []gwv1.ParentReference {
 }
 
 func (m *MockRoute) GetRawRoute() interface{} {
-	//TODO implement me
-	panic("implement me")
+	return m.Route
 }
 
 func (m *MockRoute) GetAttachedRules() []RouteRule {
@@ -81,7 +88,7 @@ func (m *MockRoute) GetAttachedRules() []RouteRule {
 }
 
 func (m *MockRoute) GetRouteGeneration() int64 {
-	panic("implement me")
+	return 0
 }
 
 func (m *MockRoute) GetRouteCreateTimestamp() time.Time {

pkg/gateway/routeutils/route_rule_action.go

@@ -213,6 +213,8 @@ func buildHttpRuleRedirectActionsBasedOnFilter(filters []gwv1.HTTPRouteFilter, r
 			return buildHttpRedirectAction(filter.RequestRedirect, redirectConfig)
 		case gwv1.HTTPRouteFilterExtensionRef:
 			continue
+		case gwv1.HTTPRouteFilterURLRewrite:
+			continue
 		default:
 			return nil, errors.Errorf("Unsupported filter type: %v. Only request redirect is supported. To specify header modification, please configure it through LoadBalancerConfiguration.", filter.Type)
 		}

pkg/gateway/routeutils/route_rule_transform.go

@@ -0,0 +1,119 @@
+package routeutils
+
+import (
+	"fmt"
+	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
+	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
+	"strings"
+)
+
+const (
+	replaceWholeHostHeaderRegex           = ".*"
+	replaceWholePathMinusQueryParamsRegex = "^([^?]*)"
+)
+
+func BuildRoutingRuleTransforms(gwRoute RouteDescriptor, gwRule RulePrecedence) []elbv2model.Transform {
+	switch gwRoute.GetRouteKind() {
+	case HTTPRouteKind:
+		return buildHTTPRuleTransforms(gwRule.CommonRulePrecedence.Rule.GetRawRouteRule().(*gwv1.HTTPRouteRule), gwRule.HTTPMatch)
+	default:
+		return []elbv2model.Transform{}
+	}
+}
+
+func buildHTTPRuleTransforms(rule *gwv1.HTTPRouteRule, httpMatch *gwv1.HTTPRouteMatch) []elbv2model.Transform {
+	var transforms []elbv2model.Transform
+
+	if rule != nil {
+		for _, rf := range rule.Filters {
+			if rf.URLRewrite != nil {
+				if rf.URLRewrite.Path != nil {
+					transforms = append(transforms, generateURLRewritePathTransform(*rf.URLRewrite.Path, httpMatch))
+				}
+
+				if rf.URLRewrite.Hostname != nil {
+					transforms = append(transforms, generateHostHeaderRewriteTransform(*rf.URLRewrite.Hostname))
+				}
+			}
+		}
+	}
+
+	return transforms
+}
+
+func generateHostHeaderRewriteTransform(hostname gwv1.PreciseHostname) elbv2model.Transform {
+	return elbv2model.Transform{
+		Type: elbv2model.TransformTypeHostHeaderRewrite,
+		HostHeaderRewriteConfig: &elbv2model.RewriteConfigObject{
+			Rewrites: []elbv2model.RewriteConfig{
+				{
+					Regex:   replaceWholeHostHeaderRegex,
+					Replace: string(hostname),
+				},
+			},
+		},
+	}
+}
+
+func generateURLRewritePathTransform(gwPathModifier gwv1.HTTPPathModifier, httpMatch *gwv1.HTTPRouteMatch) elbv2model.Transform {
+	var replacementRegex string
+	var replacement string
+
+	switch gwPathModifier.Type {
+	case gwv1.FullPathHTTPPathModifier:
+		// Capture just the path, not the query parameters
+		replacementRegex = replaceWholePathMinusQueryParamsRegex
+		replacement = *gwPathModifier.ReplaceFullPath
+		break
+	case gwv1.PrefixMatchHTTPPathModifier:
+		replacementRegex, replacement = generatePrefixReplacementRegex(httpMatch, *gwPathModifier.ReplacePrefixMatch)
+		break
+	default:
+		// Need to set route status as failed :blah:
+		// Probably do this in the routeutils loader step and for validation.
+	}
+	return elbv2model.Transform{
+		Type: elbv2model.TransformTypeUrlRewrite,
+		UrlRewriteConfig: &elbv2model.RewriteConfigObject{
+			Rewrites: []elbv2model.RewriteConfig{
+				{
+					Regex:   replacementRegex,
+					Replace: replacement,
+				},
+			},
+		},
+	}
+}
+
+func generatePrefixReplacementRegex(httpMatch *gwv1.HTTPRouteMatch, replacement string) (string, string) {
+	match := *httpMatch.Path.Value
+
+	/*
+		If we're being asked to replace a prefix with "", we still need to keep one '/' to form a valid path.
+		Consider getting the path '/foo' and having the replacement string being '', we would transform '/foo' => ''
+		thereby leaving an invalid path of ''. We could (in theory) do this for all replacements, e.g. replace = 'cat'
+		we could transform this into '/cat' here, but tbh the user can also do this, and I'm not entirely
+		sure if we could handle all possible cases.
+
+		To explain the addition of $2, we set up an optional capture group after the initial prefix match. We only want
+		to add back the value of the optional capture group when the replacement doesn't already have a '/' suffix.
+		A couple examples:
+
+		Without the capture group, e.g. (^%s)
+		input path = '/foo/', prefixRegex = '(^/foo)', replacement value = '/cat/' results in '/cat//'
+
+		To extend the example, now consider using having the capture group and always adding that to the result.
+		input path = '/foo/', prefixRegex = '(^/foo(/)?)', replacement value = '/cat/$2' results in (again) '/cat//'
+
+		Without the capture group, we would have one '/' too few.
+		input path = '/foo/bar', prefixRegex = '(^/foo(/)?)', replacement value = '/cat$2' results in '/catbar'
+
+	*/
+	if replacement == "" {
+		replacement = "/"
+	} else if !strings.HasSuffix(replacement, "/") {
+		replacement = fmt.Sprintf("%s$2", replacement)
+	}
+
+	return fmt.Sprintf("(^%s(/)?)", match), replacement
+}