From 877347189f2c3c3ad75d23aba9fcfa997a2db77e Mon Sep 17 00:00:00 2001
From: ramr
Date: Tue, 14 Aug 2018 17:51:54 -0700
Subject: [PATCH] Fix haproxy router config manager issue where sanitize pems don't match when extended validation is enabled (causes a reload where none is needed). fixes bugz #1615802 o address review comments.
---
 pkg/cmd/infra/router/template.go | 1 +
 .../template/configmanager/haproxy/manager.go | 34 +++++++++++++++++--
 pkg/router/template/types.go | 3 ++
 3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/pkg/cmd/infra/router/template.go b/pkg/cmd/infra/router/template.go
index b647a8503d07..c3a0ba35a0d2 100644
--- a/pkg/cmd/infra/router/template.go
+++ b/pkg/cmd/infra/router/template.go
@@ -468,6 +468,7 @@ func (o *TemplateRouterOptions) Run() error {
 BlueprintRoutePoolSize: o.BlueprintRoutePoolSize,
 MaxDynamicServers: o.MaxDynamicServers,
 WildcardRoutesAllowed: o.AllowWildcardRoutes,
+ ExtendedValidation: o.ExtendedValidation,
 }
 cfgManager = haproxyconfigmanager.NewHAProxyConfigManager(cmopts)
 if len(o.BlueprintRouteNamespace) > 0 {
diff --git a/pkg/router/template/configmanager/haproxy/manager.go b/pkg/router/template/configmanager/haproxy/manager.go
index f0e9ebad87af..f404bc49ee8b 100644
--- a/pkg/router/template/configmanager/haproxy/manager.go
+++ b/pkg/router/template/configmanager/haproxy/manager.go
@@ -15,6 +15,7 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 routeapi "github.com/openshift/origin/pkg/route/apis/route"
+ "github.com/openshift/origin/pkg/route/apis/route/validation"
 templaterouter "github.com/openshift/origin/pkg/router/template"
 templateutil "github.com/openshift/origin/pkg/router/template/util"
 )
@@ -119,6 +120,9 @@ type haproxyConfigManager struct {
 // wildcardRoutesAllowed indicates if wildcard routes are allowed.
 wildcardRoutesAllowed bool
+ // extendedValidation indicates if extended route validation is enabled.
+ extendedValidation bool
+
 // router is the associated template router.
 router templaterouter.RouterInterface
@@ -154,10 +158,11 @@ func NewHAProxyConfigManager(options templaterouter.ConfigManagerOptions) *hapro
 return &haproxyConfigManager{
 connectionInfo: options.ConnectionInfo,
 commitInterval: options.CommitInterval,
- blueprintRoutes: buildBlueprintRoutes(options.BlueprintRoutes),
+ blueprintRoutes: buildBlueprintRoutes(options.BlueprintRoutes, options.ExtendedValidation),
 blueprintRoutePoolSize: options.BlueprintRoutePoolSize,
 maxDynamicServers: options.MaxDynamicServers,
 wildcardRoutesAllowed: options.WildcardRoutesAllowed,
+ extendedValidation: options.ExtendedValidation,
 defaultCertificate: "",
 client: client,
@@ -199,6 +204,14 @@ func (cm *haproxyConfigManager) AddBlueprint(route *routeapi.Route) {
 newRoute.Namespace = blueprintRoutePoolNamespace
 newRoute.Spec.Host = ""
+ if cm.extendedValidation {
+ if err := validateBlueprintRoute(newRoute); err != nil {
+ glog.Errorf("Skipping blueprint route %s/%s due to invalid configuration: %v",
+ route.Namespace, route.Name, err)
+ return
+ }
+ }
+
 cm.lock.Lock()
 existingBlueprints := cm.blueprintRoutes
 cm.lock.Unlock()
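Review bot: The new check in AddBlueprint (hunk at -199) drops an invalid blueprint with only a `glog.Errorf` line; the method has no error return, so the caller cannot tell that the route was rejected. If the signature has to stay, a comment above the block would make the contract explicit, e.g. `// Invalid blueprints are logged and ignored; the blueprint pool is not modified.` The logged `err` is presumably built from the route's TLS fields, so it is worth confirming that `validation.ExtendedValidateRoute` never echoes certificate or key material into its messages. The same validate, log and skip sequence is repeated in buildBlueprintRoutes (hunk at -937), where the same comment applies. AddBlueprint begins and ends outside this hunk.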
@@ -915,8 +928,18 @@ func (entry *routeBackendEntry) BuildMapAssociations(route *routeapi.Route) {
 }
 }
+// validateBlueprintRoute runs extended validation on a blueprint route.
+func validateBlueprintRoute(route *routeapi.Route) error {
+ if errs := validation.ExtendedValidateRoute(route); len(errs) > 0 {
+ agg := errs.ToAggregate()
+ return fmt.Errorf(agg.Error())
+ }
+
+ return nil
+}
+
 // buildBlueprintRoutes generates a list of blueprint routes.
-func buildBlueprintRoutes(customRoutes []*routeapi.Route) []*routeapi.Route {
+func buildBlueprintRoutes(customRoutes []*routeapi.Route, validate bool) []*routeapi.Route {
 routes := make([]*routeapi.Route, 0)
 // Add in defaults based on the different route termination types.
@@ -937,6 +960,13 @@ func buildBlueprintRoutes(customRoutes []*routeapi.Route) []*routeapi.Route {
 for _, r := range customRoutes {
 dolly := r.DeepCopy()
 dolly.Namespace = blueprintRoutePoolNamespace
+ if validate {
+ if err := validateBlueprintRoute(dolly); err != nil {
+ glog.Errorf("Skipping blueprint route %s/%s due to invalid configuration: %v", r.Namespace, r.Name, err)
+ continue
+ }
+ }
+
 routes = append(routes, dolly)
 }
diff --git a/pkg/router/template/types.go b/pkg/router/template/types.go
index 8429cf6eb1ef..0113aae59646 100644
--- a/pkg/router/template/types.go
+++ b/pkg/router/template/types.go
@@ -166,6 +166,9 @@ type ConfigManagerOptions struct {
 // WildcardRoutesAllowed indicates if wildcard routes are allowed.
 WildcardRoutesAllowed bool
+
+ // ExtendedValidation indicates if extended route validation is enabled.
+ ExtendedValidation bool
 }
 // ConfigManager is used by the router to make configuration changes using
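Review bot: `fmt.Errorf(agg.Error())` in validateBlueprintRoute (manager.go, hunk at -915) uses the aggregated validation message as the format string, so any `%` in that message, which may carry values taken from the route, is parsed as a verb and the logged error comes out garbled; recent `go vet` versions also report a non-constant format string here. Inside the existing `len(errs) > 0` guard the aggregate can be returned as is, `return errs.ToAggregate()`, or kept as text with `fmt.Errorf("%s", agg.Error())`. The doc comment on buildBlueprintRoutes could also describe the new argument, e.g. `// When validate is true, custom routes that fail extended validation are logged and skipped.` The body of buildBlueprintRoutes continues outside this hunk.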