Merge "Fix L7Rules with FILE_TYPE and EQUAL_TO"

2025-09-10 21:39:08 +00:00
parent dc93d0572a c64c5f5443
commit f6a639bb44
3 changed files with 17 additions and 5 deletions
--- a/octavia/common/jinja/haproxy/combined_listeners/templates/macros.j2
+++ b/octavia/common/jinja/haproxy/combined_listeners/templates/macros.j2
@@ -77,7 +77,7 @@ bind {{ lb_vip_address }}:{{ listener.protocol_port }} {{
 {% endmacro %}


-{% macro l7rule_compare_type_macro(constants, ctype) %}
+{% macro l7rule_compare_type_macro(constants, ctype, rtype=None) %}
    {% if ctype == constants.L7RULE_COMPARE_TYPE_REGEX %}
        {{- "-m reg" -}}
    {% elif ctype == constants.L7RULE_COMPARE_TYPE_STARTS_WITH %}
@@ -87,7 +87,14 @@ bind {{ lb_vip_address }}:{{ listener.protocol_port }} {{
    {% elif ctype == constants.L7RULE_COMPARE_TYPE_CONTAINS %}
        {{- "-m sub" -}}
    {% elif ctype == constants.L7RULE_COMPARE_TYPE_EQUAL_TO %}
-        {{- "-m str" -}}
+        {# Specific handling for FILE_TYPE with EQUAL_TO, "path_end -m str"
+        # doesn't work with haproxy, "path_end" is enough for this type of
+        # comparison
+        # https://github.com/haproxy/haproxy/issues/2567
+        #}
+        {% if rtype != constants.L7RULE_TYPE_FILE_TYPE %}
+            {{- "-m str" -}}
+        {% endif %}
    {% endif %}
 {% endmacro %}

@@ -101,7 +108,7 @@ bind {{ lb_vip_address }}:{{ listener.protocol_port }} {{
            constants, l7rule.compare_type) }} {{ l7rule.value }}
    {% elif l7rule.type == constants.L7RULE_TYPE_FILE_TYPE %}
        acl {{ l7rule.id }} path_end {{ l7rule_compare_type_macro(
-            constants, l7rule.compare_type) }} {{ l7rule.value }}
+            constants, l7rule.compare_type, l7rule.type) }} {{ l7rule.value }}
    {% elif l7rule.type == constants.L7RULE_TYPE_HEADER %}
        acl {{ l7rule.id }} req.hdr({{ l7rule.key }}) {{
            l7rule_compare_type_macro(
--- a/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py
+++ b/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py
@@ -1190,7 +1190,7 @@ class TestHaproxyCfg(base.TestCase):
              "this.*|that\n"
              "    redirect code 302 location http://www.example.com if "
              "!sample_l7rule_id_2 sample_l7rule_id_3\n"
-              "        acl sample_l7rule_id_4 path_end -m str jpg\n"
+              "        acl sample_l7rule_id_4 path_end  jpg\n"
              "        acl sample_l7rule_id_5 req.hdr(host) -i -m end "
              ".example.com\n"
              "    http-request deny if sample_l7rule_id_4 "
@@ -1914,7 +1914,7 @@ class TestHaproxyCfg(base.TestCase):
              "this.*|that\n"
              "    redirect code 302 location http://www.example.com "
              "if !sample_l7rule_id_2 sample_l7rule_id_3\n"
-              "        acl sample_l7rule_id_4 path_end -m str jpg\n"
+              "        acl sample_l7rule_id_4 path_end  jpg\n"
              "        acl sample_l7rule_id_5 req.hdr(host) -i -m end "
              ".example.com\n"
              "    http-request deny "
--- a/releasenotes/notes/fix-l7rule-FILE_TYPE-EQUAL_TO-6e84773d6ab22c50.yaml
+++ b/releasenotes/notes/fix-l7rule-FILE_TYPE-EQUAL_TO-6e84773d6ab22c50.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixed a bug when using a L7Rule with FILE_TYPE and EQUAL_TO comparison,
+    it never matched due to an issue with the generated HAProxy configuration.