openstack/octavia
Code Issues Proposed changes

Merge "Fix L7Rules with FILE_TYPE and EQUAL_TO" into stable/2025.1

Browse Source
This commit is contained in:
Zuul
2025-10-17 12:04:54 +00:00
committed by Gerrit Code Review
parent 9e94fb889a 8df215e382
commit dbec3511b2
3 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
octavia/common/jinja/haproxy/combined_listeners/templates/macros.j2
View File

@@ -77,7 +77,7 @@ bind {{ lb_vip_address }}:{{ listener.protocol_port }} {{
{% endmacro %} {% endmacro %}
{% macro l7rule_compare_type_macro(constants, ctype) %} {% macro l7rule_compare_type_macro(constants, ctype, rtype=None) %}
{% if ctype == constants.L7RULE_COMPARE_TYPE_REGEX %} {% if ctype == constants.L7RULE_COMPARE_TYPE_REGEX %}
{{- "-m reg" -}} {{- "-m reg" -}}
{% elif ctype == constants.L7RULE_COMPARE_TYPE_STARTS_WITH %} {% elif ctype == constants.L7RULE_COMPARE_TYPE_STARTS_WITH %}
@@ -87,7 +87,14 @@ bind {{ lb_vip_address }}:{{ listener.protocol_port }} {{
{% elif ctype == constants.L7RULE_COMPARE_TYPE_CONTAINS %} {% elif ctype == constants.L7RULE_COMPARE_TYPE_CONTAINS %}
{{- "-m sub" -}} {{- "-m sub" -}}
{% elif ctype == constants.L7RULE_COMPARE_TYPE_EQUAL_TO %} {% elif ctype == constants.L7RULE_COMPARE_TYPE_EQUAL_TO %}
{{- "-m str" -}} {# Specific handling for FILE_TYPE with EQUAL_TO, "path_end -m str"
# doesn't work with haproxy, "path_end" is enough for this type of
# comparison
# https://github.com/haproxy/haproxy/issues/2567
#}
{% if rtype != constants.L7RULE_TYPE_FILE_TYPE %}
{{- "-m str" -}}
{% endif %}
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
@@ -101,7 +108,7 @@ bind {{ lb_vip_address }}:{{ listener.protocol_port }} {{
constants, l7rule.compare_type) }} {{ l7rule.value }} constants, l7rule.compare_type) }} {{ l7rule.value }}
{% elif l7rule.type == constants.L7RULE_TYPE_FILE_TYPE %} {% elif l7rule.type == constants.L7RULE_TYPE_FILE_TYPE %}
acl {{ l7rule.id }} path_end {{ l7rule_compare_type_macro( acl {{ l7rule.id }} path_end {{ l7rule_compare_type_macro(
constants, l7rule.compare_type) }} {{ l7rule.value }} constants, l7rule.compare_type, l7rule.type) }} {{ l7rule.value }}
{% elif l7rule.type == constants.L7RULE_TYPE_HEADER %} {% elif l7rule.type == constants.L7RULE_TYPE_HEADER %}
acl {{ l7rule.id }} req.hdr({{ l7rule.key }}) {{ acl {{ l7rule.id }} req.hdr({{ l7rule.key }}) {{
l7rule_compare_type_macro( l7rule_compare_type_macro(

4
octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py
View File

@@ -1191,7 +1191,7 @@ class TestHaproxyCfg(base.TestCase):
"this.*|that\n" "this.*|that\n"
" redirect code 302 location http://www.example.com if " " redirect code 302 location http://www.example.com if "
"!sample_l7rule_id_2 sample_l7rule_id_3\n" "!sample_l7rule_id_2 sample_l7rule_id_3\n"
" acl sample_l7rule_id_4 path_end -m str jpg\n" " acl sample_l7rule_id_4 path_end jpg\n"
" acl sample_l7rule_id_5 req.hdr(host) -i -m end " " acl sample_l7rule_id_5 req.hdr(host) -i -m end "
".example.com\n" ".example.com\n"
" http-request deny if sample_l7rule_id_4 " " http-request deny if sample_l7rule_id_4 "
@@ -1915,7 +1915,7 @@ class TestHaproxyCfg(base.TestCase):
"this.*|that\n" "this.*|that\n"
" redirect code 302 location http://www.example.com " " redirect code 302 location http://www.example.com "
"if !sample_l7rule_id_2 sample_l7rule_id_3\n" "if !sample_l7rule_id_2 sample_l7rule_id_3\n"
" acl sample_l7rule_id_4 path_end -m str jpg\n" " acl sample_l7rule_id_4 path_end jpg\n"
" acl sample_l7rule_id_5 req.hdr(host) -i -m end " " acl sample_l7rule_id_5 req.hdr(host) -i -m end "
".example.com\n" ".example.com\n"
" http-request deny " " http-request deny "

5
releasenotes/notes/fix-l7rule-FILE_TYPE-EQUAL_TO-6e84773d6ab22c50.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
fixes:
- |
Fixed a bug when using a L7Rule with FILE_TYPE and EQUAL_TO comparison,
it never matched due to an issue with the generated HAProxy configuration.