From e358ae27f7e28168ef58e7c21a8f217df717e139 Mon Sep 17 00:00:00 2001
From: Tamal Saha
Date: Thu, 28 Dec 2017 18:39:41 -0500
Subject: [PATCH] Generate host acl correctly for `*` host
---
 apis/voyager/v1beta1/annotations.go | 7 ++++--
 .../voyager/templates/http-frontend.cfg | 7 +++---
 pkg/haproxy/renderer.go | 20 ++++++++++++---
 pkg/haproxy/template.go | 25 +++++++++++++++----
 4 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/apis/voyager/v1beta1/annotations.go b/apis/voyager/v1beta1/annotations.go
index 41555f913..abb56eb69 100644
--- a/apis/voyager/v1beta1/annotations.go
+++ b/apis/voyager/v1beta1/annotations.go
@@ -335,8 +335,11 @@ func (r Ingress) EnableCORS() bool {
 }
 func (r Ingress) ForceServicePort() bool {
- v, _ := meta.GetBool(r.Annotations, ForceServicePort)
- return v
+ if r.LBType() == LBTypeNodePort {
+ v, _ := meta.GetBool(r.Annotations, ForceServicePort)
+ return v
+ }
+ return true
 }
 func (r Ingress) EnableHSTS() bool {
diff --git a/hack/docker/voyager/templates/http-frontend.cfg b/hack/docker/voyager/templates/http-frontend.cfg
index d006edb31..08c219f9d 100644
--- a/hack/docker/voyager/templates/http-frontend.cfg
+++ b/hack/docker/voyager/templates/http-frontend.cfg
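Review bot: `ForceServicePort` in apis/voyager/v1beta1/annotations.go now has two modes but no doc comment, and on the NodePort branch the error from `meta.GetBool` is still discarded, so a malformed annotation value silently reads as false. The flag appears to feed the port part of the generated host ACLs, so a typo in the annotation would change which Host values are matched without any signal to the operator. A comment such as `// ForceServicePort is always true unless the LB type is NodePort, where the annotation decides.` would make the contract explicit, and the parse error should be logged or returned rather than dropped.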
@@ -73,10 +73,11 @@ frontend {{ .FrontendName }}
 acl is_proxy_https hdr(X-Forwarded-Proto) https
 {{ range $host := .Hosts }}
- {{ if and (or (eq $.Port 80) (eq $.Port 443)) ( or $.ForceMatchServicePort (not $.NodePort)) }}
- {{ if $host.Host }}acl host_acl_{{ $host.Host | acl_name }} {{ $host.Host | host_name }}{{ end }}
+ {{ with $conditions := (host_acls $host.Host $.Port $.NodePort $.ForceMatchServicePort ) }}
+ {{ range $cond := $conditions }}
+ {{ if $cond }}acl host_acl_{{ $host.Host | acl_name }} {{ $cond }}{{ end }}
+ {{ end }}
 {{ end }}
- {{ if $host.Host }}acl host_acl_{{ $host.Host | acl_name }} {{ $host.Host | host_name }}{{ if and (not $.ForceMatchServicePort) $.NodePort }}:{{ $.NodePort }}{{ else }}:{{ $.Port }}{{ end }}{{ end }}
 {{ range $path := $host.Paths }}
 {{ if $path.Path }}acl url_acl_{{ $host.Host | acl_name }}_{{ $path.Path | acl_name }} path_beg {{ $path.Path }}{{ end }}
 {{ if $path.SSLRedirect }}
diff --git a/pkg/haproxy/renderer.go b/pkg/haproxy/renderer.go
index 7a3d9f1b5..29a2a4a82 100644
--- a/pkg/haproxy/renderer.go
+++ b/pkg/haproxy/renderer.go
@@ -16,7 +16,9 @@ func RenderConfig(data TemplateData) (string, error) {
 if err := data.isValid(); err != nil {
 return "", err
 }
+ data.convertWildcardHostToEmpty()
 data.canonicalize()
+ data.moveAcmePathToTop()
 var buf bytes.Buffer
 err := haproxyTemplate.ExecuteTemplate(&buf, "haproxy.cfg", data)
@@ -39,6 +41,18 @@ func (td TemplateData) String() string {
 return string(data)
 }
+func (td *TemplateData) convertWildcardHostToEmpty() {
+ for i, svc := range td.HTTPService {
+ for j, host := range svc.Hosts {
+ if host.Host == `*` {
+ host.Host = ""
+ }
+ svc.Hosts[j] = host // remove the acme path
+ }
+ td.HTTPService[i] = svc
+ }
+}
+
 func (td *TemplateData) canonicalize() {
 if td.DefaultBackend != nil {
 td.DefaultBackend.canonicalize()
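Review bot: The rewritten block in http-frontend.cfg drops the old `{{ if $host.Host }}` guard, so an `acl host_acl_...` line is now emitted whenever `host_acls` returns a non-empty condition, including for an empty (formerly `*`) host on the NodePort path. In that case the ACL name is `host_acl_` plus whatever `acl_name` yields for an empty string, and all empty-host entries on the frontend would share it. Whether the `use_backend` rules further down, outside this hunk, reference that name is not visible here. If port-only matching for the wildcard host is intended, a template comment such as `{{/* empty host: match on port only */}}` next to the range would record that.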
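Review bot: In `RenderConfig` (pkg/haproxy/renderer.go), `data.convertWildcardHostToEmpty()` runs after `data.isValid()`, so validation sees `*` while canonicalization and the template see an empty host. If `isValid`, whose body is outside this hunk, checks for duplicate or conflicting hosts, a service listing both `*` and an empty host would pass validation and then collapse into two identical entries. Either normalise before validating or state the ordering in a comment, for example `// isValid runs on raw hosts; "*" is folded into "" only afterwards`.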
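Review bot: The trailing comment on `svc.Hosts[j] = host` in `convertWildcardHostToEmpty` reads `// remove the acme path`, which looks copied from `moveAcmePathToTop`; the line only writes back the host whose `*` was cleared. Suggest `// write the modified copy back; range yields values` and a one-line doc comment on the function saying that `*` is rewritten to the empty host. Also note that `RenderConfig` takes `TemplateData` by value, yet this write goes through the backing array if `HTTPService` and `Hosts` are slices, as the indexing suggests, so the caller's data is changed too.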
@@ -96,8 +110,6 @@ func (td *TemplateData) canonicalize() {
 td.UserLists[i].canonicalize()
 }
 sort.Slice(td.UserLists, func(i, j int) bool { return td.UserLists[i].Name < td.UserLists[j].Name })
-
- td.moveAcmePathToTop()
 }
 func (td *TemplateData) moveAcmePathToTop() {
@@ -191,14 +203,14 @@ func (td *TemplateData) isValid() error {
 }
 func hostName(host string) string {
- if host == "" || host == `*` {
+ if host == "" {
 return ""
 }
 return strings.ToLower(strings.TrimPrefix(host, "*."))
 }
 func hostRank(host string) int {
- if host == "" || host == `*` {
+ if host == "" {
 return 0
 }
 if strings.HasPrefix(host, "*") {
diff --git a/pkg/haproxy/template.go b/pkg/haproxy/template.go
index 4a64682c2..adcd9a1ff 100644
--- a/pkg/haproxy/template.go
+++ b/pkg/haproxy/template.go
@@ -35,11 +35,26 @@ func HeaderName(v string) string {
 return v[:index]
 }
-func HostName(v string) string {
- v = strings.TrimSpace(v)
- if v == "" || v == `*` {
- return ""
+func HostACLs(host string, port int, nodePort int32, forceSvcPort bool) []string {
+ fmt.Printf("host=%v, port=%v, nodePort=%v, forceSvcPort=%v", host, port, nodePort, forceSvcPort)
+ var conditions []string
+ host = strings.TrimSpace(host)
+
+ if !forceSvcPort && nodePort > 0 {
+ conditions = append(conditions, hostMatcher(fmt.Sprintf("%s:%d", host, nodePort)))
+ } else if forceSvcPort && port > 0 {
+ if port != 80 && port != 443 { // non standard http ports
+ conditions = append(conditions, hostMatcher(fmt.Sprintf("%s:%d", host, port)))
+ } else if host != "" { // http or https
+ conditions = append(conditions, hostMatcher(host))
+ conditions = append(conditions, hostMatcher(fmt.Sprintf("%s:%d", host, port)))
+ }
 }
+ fmt.Println(">>>>>>>> ", strings.Join(conditions, "|"))
+ return conditions
+}
+
+func hostMatcher(v string) string {
 if strings.HasPrefix(v, "*") {
 return "hdr_end(host) -i " + v[1:]
 }
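Review bot: `hostName` and `hostRank` in pkg/haproxy/renderer.go no longer treat `*` as the empty host, so both now depend on `convertWildcardHostToEmpty` having run first, and nothing in the hunk states that precondition. Called with a raw `*`, `hostName` returns `*` and `hostRank` falls through to the `strings.HasPrefix(host, "*")` branch instead of returning 0. A comment on both helpers such as `// host must already be normalised: "*" is rewritten to "" in RenderConfig` would keep a later caller from ranking a bare `*` as a wildcard domain. `hostRank`'s body continues outside the hunk.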
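Review bot: `HostACLs` in pkg/haproxy/template.go still carries two debug prints, `fmt.Printf("host=%v, port=%v, ...")` at the top and `fmt.Println(">>>>>>>> ", ...)` before the return. As a registered template function it would write every host, port and generated matcher to stdout each time it is called, and the first print has no trailing newline. Both lines should be removed, or replaced by a debug-level call on the project's logger if the trace is wanted. The exported function also lacks a doc comment; it should say which combinations yield no ACL, namely `forceSvcPort` false with `nodePort` 0, and an empty host on port 80 or 443. The non-wildcard return of `hostMatcher` lies outside this hunk, so the port-only pattern produced for an empty host should be checked there.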
@@ -63,7 +78,7 @@ var (
 funcMap = template.FuncMap{
 "acl_name": ACLName,
 "header_name": HeaderName,
- "host_name": HostName,
+ "host_acls": HostACLs,
 "backend_hash": BackendHash,
 }