Add hash on cookie

[jtschulz]

Summary

Add ability to hash on cookie. Per a discussion on the feature suggestion board with @Tieske , this adds a cookie option for the hash_on feature, which works very similarly to the `header option. The use case for this is to allow load balancing with cookie injection, creating a sticky session for API consumers who all behind the same NAT gateway. Specifically this is useful for websockets.

Full changelog

• Implement cookie source for hashing algorithm
  • Upstream config can use cookie for hash_on and hash_fallback value
  • Upstream config uses hash_on_cookie or hash_fallback_cookie for the name of the cookie to use
  • Upstream config uses hash_on_cookie_path or hash_fallback_cookie_path to add the path to the Set-Cookie header
• Add related unit and integration tests

Notes

I'm new to Lua (and, hence, this project), so feel encouraged to tell me everything that's wrong with my code ;) I'm not sure if there's a place for me to add documentation.
I will clean up git history after making any requested changes/ getting final approval.

[jtschulz]

Is there some automated way contributors are generating these migrations? I just manually created the timestamp/ name and it seemed to work.

[Tieske]

no migrations have to be created manual (for now). Also datastore specific. And indeed the name is date+timestamp, just to make it unique (within a migrations file).

[Tieske]

here you need to store the cookie in the ngx.ctx table. And if there is no cookie, you need to create it.

additionally, in the header-filter phase you need to add the cookie to the response

[jtschulz]

Oh great, I misunderstood and thought that a plugin would manage the generation or the cookie, but I think this is a lot better. Thanks for the quick feedback!

[jtschulz]

@Tieske I think this handles what you were asking for, please take a look. I will add tests of course, but I want to make sure this is on the right path before I go further.

[jtschulz]

I put this in the before hook, presumably this will give plugins the ability to access/ modify the cookie value if there is some use case for it.

[Tieske]

I think this is all we need here:

elseif hash_on == "cookie" then
  identifier = ngx.var["cookie_" .. upstream[cookie_field_name]] or utils.uuid()

  ctx.SET_HASH_ON_COOKIE = {
    key = upstream[cookie_field_name],
    value = identifier,
    path = upstream[cookie_path_field_name],
  }

We only need to store the retrieved values to insert the cookie on the way out (in the response), no need to add it to the request here.

[jtschulz]

Right, that makes sense. Thanks! Although, I think we don't want to set the cookie again if it already exists, correct?

[Tieske]

yes, you're right! good catch

[Tieske]

in the header:

local ck = require "resty.cookie"

and here we do something like:

local cookie_hash_data = ctx.SET_HASH_ON_COOKIE
if cookie_hash_data then
  local cookie, ok, err
  cookie, err = ck:new()
  if cookie then
    ok, err = cookie:set(cookie_hash_data)
  end
  if not ok then
    log(ngx.WARN, "failed to set hashing cookie, key=`", cookie_hash_data.key, 
                             "`, value=`", cookie_hash_data.value, 
                             "`, path=`", cookie_hash_data.path,
                             "` : ", err)
  end
end

[Tieske]

some validation on the contents of the cookie name and path are needed here imo

[Tieske]

also relevant here: if the primary is set to "cookie" then the fallback must be "none". Because if the cookie isn't set, it will be created, hence the fallback will never be invoked in that case.

[jtschulz]

Cookie name spec technically allows a handful of other characters, but the same is true of headers. Seems fair to generalize these rules for both. Unless there are any objections?

[Tieske]

for the purpose it serves, I don't see any issues with that

[Tieske]

sorry forget about that, I think we shouldn't change this.

[jtschulz]

Understood, and I was on the fence about this, too. Do you prefer me to just duplicate the logic for the cookie name validation? The only difference would be the error message.

[Tieske]

yes, let's do that for now. Let's get it compete functionality/test wise first and then look at some final things like style and stuff like this.

[Tieske]

where did this come from?

[Tieske]

this fallback setting can go. Since there can only be one cookie setting be it primary or fallback.

[jtschulz]

Should this not support falling back to a cookie value if the primary hash_on is header or ip? I can't think of any use cases for it, but currently header falling back on ip and vice-versa are supported.

[Tieske]

yes it should. But with headers we can have 2 different headers, one for primary, one for fallback. With cookies, there is never more than one since the cookie is created when absent.

Hence having hash_on_cookie and hash_on_cookie_path is enough. We do not need hash_fallback_cookie_path (actually in the current state, hash_fallback_cookie is missing).

[Tieske]

yes it should. But with headers we can have 2 different headers, one for primary, one for fallback. With cookies, there is never more than one since the cookie is created when absent.

Hence having hash_on_cookie and hash_on_cookie_path is enough. We do not need hash_fallback_cookie_path (actually in the current state, hash_fallback_cookie is missing).

[Tieske]

should be

-- cookie name, if `hash_on` or `hash_fallback` == `"cookie"`

[Tieske]

should be

-- cookie path, if `hash_on` or `hash_fallback` == `"cookie"`

[jtschulz]

@Tieske Thanks for that excellent feedback! I think the latest changes address your requests, as well as add some more test coverage. PTAL

[jtschulz]

I've considered other possible ways to DRY this up, but I think they would mostly hurt the readability of the validation. It could be generalized to not refer to "cookie" or "header" at all in the validation message, and give the responsibility of the schema that is applying this validation to a field.

[Tieske]

the doc comments above still refer to 'header' so need to be updated

[jtschulz]

I can't think of any edge cases that testing when a cookie is set catch that are not caught in the next example (where the cookie is not set). I would favor removing this test as redundant, but defer to your judgement.

[Tieske]

agreed. But there is no test that validates that no cookie will be set if it was already provided, so maybe update this test to do that?

[thibaultcha]

note: it is good practice to write the intended result of a test in its description, rather than relying on the reader to infer the proper test results by reading the test case... In this case, a name such as does not reply with Set-Cookie if cookie is already set or something.

[Tieske]

the doc comments above still refer to 'header' so need to be updated

[Tieske]

I checked the codebase for naming, and I think this should be lower case (only latency tracking is uppercase). Also, "hash_on" might not be most descriptive, so maybe just "balancer_cookie" or "balancer_hash_cookie", to make it clear it belong to the balancer logic.

[Tieske]

can we also add validation of the ctx variables?, so in this case that ngx.ctx.SET_HASH_ON_COOKIE is NOT created.

And add another test without a cookie set, that shows that ngx.ctx.SET_HASH_ON_COOKIE is properly created?

[Tieske]

👍

[Tieske]

duplicate of the one above? maybe this is supposed to be the fallback?

[jtschulz]

Yeah, copy/ paste error. I meant to check validating the cookie path on hash fallback.

[Tieske]

agreed. But there is no test that validates that no cookie will be set if it was already provided, so maybe update this test to do that?

[jtschulz]

@Tieske just addressed the last round of feedback, PTAL :)

comments have been adressed

[Tieske]

@PepperTeasdale looks good to me now. Since I already did a lot of reviews on this, I requested @hishamhm for a final review.

Final thing to do would be to update the docs at https://github.com/Kong/getkong.org

[hishamhm]

Overall looks good! I only left notes on very minor things like comments to correct and suggested one test entry.

(I noticed that the things that don't match the current style guide, e.g. uppercase in error messages, are there to match the legacy code around it — and the Upstream entity is due to be converted to the new DAO anyway — so I think they are fine as is.)

[hishamhm]

minor: cookie name → cookie path

[hishamhm]

perhaps also add a "cookie" entry to the "fallback" section below at https://github.com/Kong/kong/pull/3472/files#diff-354d3b9f422325fb4a8342988b3a500cR539 ?

[jtschulz]

Good catch! Didn't see that :)

[hishamhm]

stale comment from copy/paste, please remove

[hishamhm]

comment mismatch: in the implementation below, _ is allowed as well.

The range of valid characters for cookie names seems to be a weird mess, so sticking to a small and safe subset like the one below seems like a good idea.

[jtschulz]

OK @hishamhm thank you for that feedback! This ought to be good now, and I've cleaned up the git history. My only question pertains to updating the docs. I don't see a next branch in the website repo. I did see the release/ce-0.14.0 branch that has a no-merge PR in the project. Should I be branching off that or what? Thanks again!

[hishamhm]

It looks like this block is the code same as the block above, but it should exercise "cookie" as the hash_fallback entry instead.

[jtschulz]

Woops! Fixed

[hishamhm]

My only question pertains to updating the docs. I don't see a next branch in the website repo. I did see the release/ce-0.14.0 branch that has a no-merge PR in the project. Should I be branching off that or what? Thanks again!

Yes, that would work! The branch has a no-merge mark because at this point it contains only the files that have changed from the 0.13 directory (feel free to copy over new files if you need to edit those). By the time we merge this PR, we'll copy over the other 0.13 docs as they will be in their future state (this way we minimize the need to keep track of changes made to the 0.13 docs in the 0.14 branch).

[thibaultcha]

Good job @PepperTeasdale, thanks for the patch, looking good so far, but we'll need some polishing before merging. @Tieske @hishamhm any thoughts about including the cookie parameters as values in the balancer structure instead?

[thibaultcha]

There is no benefits here in separating the declaration and initialization of those variables. Let's keep things more concise and declare/initialize them on the same line (by simply moving the local keyword to the below lines).

[thibaultcha]

None of the logs produced by Kong use or should use backticks, instead, they use single quotes '. Let's update this to keep it consistent.

[thibaultcha]

Additionally, I am not sure logging the value (just a UUID) is very insightful here. It mostly feels like noise.

A more concise error message which could be more readable and clearer from a user's POV would also mention the failure is related to "load balancing". Something similar to:

log(ngx.WARN, "failed to set the cookie for hash-based load balancing: ",
              err, " (key=", key, ", path=", path, ")")

Not the format and conciseness allows us to drop quotes altogether and still remain redable imho.

[thibaultcha]

It seems like there is no point in retrieving this value outside of the ctx.KONG_PROXIED branch. It would also be more readable if we retrieved it just above the if cookie_hash_data branch created below.

[thibaultcha]

Additionally, this gives the impression that it belongs to the ngx.ctx.balancer_address structure, in which we already store all balancer-related values for decision making and introspection purposes (its name should be revisited already). Doing so also allows us to reduce usage of the top-level ctx table (which is sensitive to naming conflicts), and self-documentation by adding this field to the ones documented with its initialization code. cc @Tieske @hishamhm

[thibaultcha]

ctx is already locally cached above in this function, so better use it instead of invoking ngx.ctx again here.

[thibaultcha]

note: it is good practice to write the intended result of a test in its description, rather than relying on the reader to infer the proper test results by reading the test case... In this case, a name such as does not reply with Set-Cookie if cookie is already set or something.

[jtschulz]

@thibaultcha Thanks for the good CR. I'll await your discussion on storing balancer cookie data the balancer structure. What would be a more descriptive name than balancer_address if so? balancer_(config|data) perhaps?

[hishamhm]

I'd just go with balancer_data

[thibaultcha]

@PepperTeasdale Choosing the proper name, if we were to rename this structure, would belong to another discussion, and should not be included in the scope of this PR. We'll take care of it later :)

[Tieske]

any thoughts about including the cookie parameters as values in the balancer structure instead?

Either way is fine. That structure needs to be renamed (and maybe torn apart?), so imo that is part of/follow up of the SDK. Until that refactor, in which we can take this one along, it doesn't really matter whether it lives inside a badly named structure, or lives outside with a proper name.

[jtschulz]

FWIW, from my perspective as someone new to this repo, I would find it a little confusing to find this data in the balancer_address. Thanks everyone for all the really awesome feedback and guidance :)

[jtschulz]

Are you ok with this comment to address the need to refactor the balancer structure? cc: @thibaultcha @Tieske

[hishamhm]

@PepperTeasdale Merged, thank you! I'll open a different PR addressing the naming concern.

[thibaultcha]

@PepperTeasdale Thanks for the patch. By the way, you are now eligible to receive your very own Contributor T-shirt (details in the link). Enjoy! :)

[jtschulz]

Thank you! A+ contributor experience. I look forward contributing more to this and other kong-related projects :)