[THREESCALE-1709] Routing policy #976
Conversation
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
davidor
force-pushed
the
routing-policy
branch
from
c4139ed to
96f1ff3
Compare
| @@ -0,0 +1,35 @@ | |||
| local setmetatable = setmetatable | |||
There was a problem hiding this comment.
My idea is to use this module from other policies too.
I think we should instantiate it when the policies context is created for the current request, and store an instance of this module there. I think it would improve code organization, and also avoid reading several times the headers and the query arguments.
I'd rather do that in a different PR because it might affect many policies and need changes in some tests.
There was a problem hiding this comment.
I agree that this should become part of the core API. For that, we need a carefully designed interface that is usable by all the policies we have so far. And that that surely wait for another PR 👍
davidor
force-pushed
the
routing-policy
branch
from
cf349de to
a9c304d
Compare
|
@mikz I added support for conditions with 'or' and for liquid templating in the last two commits. It's true that supporting those 2 things complicates a bit the config schema because it requires extra attributes. However, I think that those are 2 useful features and we should support them. I added them in 2 separate commits, so they can be reverted easily. |
davidor
changed the title
davidor
force-pushed
the
routing-policy
branch
from
a5c2f75 to
009e28e
Compare
| @@ -0,0 +1,35 @@ | |||
| local setmetatable = setmetatable | |||
There was a problem hiding this comment.
I agree that this should become part of the core API. For that, we need a carefully designed interface that is usable by all the policies we have so far. And that that surely wait for another PR 👍
t/apicast-policy-routing.t
Outdated
| --- no_error_log | ||
| [error] | ||
|
|
||
| === TEST 22: the rule matches a jwt claim using "!=" and the condition is false |
There was a problem hiding this comment.
I think this integration test has way too many test cases to be readable and understandable for me.
Testing all possible options and their negations can be done in lower level tests line unit tests.
I'd rather leave this focused on high level operations, how it treats the http request, what Host header it passes, how it mangles request path, forwards post body etc.
There was a problem hiding this comment.
Hmm I think that for each operation (matches , == ... ) it makes sense to test both the case where it evaluates to true and false. I see what you mean, this test is too verbose, but I think part of it is because sending a request with a JWT requires quite a few lines in the config and the request.
There was a problem hiding this comment.
I think it makes sense to test both cases for each operation, but probably more in a unit test rather than integration one. Integration tests should be focused on the HTTP request itself.
I get that that unit tests might be a bit different because there is no real http request, but that is fine in my opinion. If we find out we have issues with it we try to solve that.
Maybe extracting those common parts into some shared helpers or something.
There was a problem hiding this comment.
Fair enough. I think that for this particular case it's enough to test operations when they match. If we try to match a header and it works, it means that the code was able to extract the header specified correctly, which is one of the things we want to do in these integration tests. Adding an extra test with the same information but evaluating to false does not add much value.
All the operations are covered in the unit tests of the Condition module.
I deleted the redundant tests following that guideline. They went from 32 to 20: 5fa61d2
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "url": { |
There was a problem hiding this comment.
Do we need just this? We don't need to control whether it rewrites Host header?
There was a problem hiding this comment.
I'm not sure. Do you think we need a way to prevent rewriting the Host header?
Currently, the host is always rewritten calling this method:
https://github.com/3scale/apicast/blob/75eb7e77d466d5ac6ba0aded9446838c87414e95/gateway/src/apicast/upstream.lua#L153
There was a problem hiding this comment.
I think we should double check with out requirements and with people using this.
Host header can be different from the hostname where the traffic should go.
There might be a need to supply own Host header in some cases.
There was a problem hiding this comment.
I think that we can leave this as it is and add the extra parameter later if needed.
Let's check with @vramosp
There was a problem hiding this comment.
Is it feasible to offer the following set of options?
- Host header overwrite by new upstream host (default)
- Host header unchanged
- Host header manual overwrite with a new fixed value
If it adds too much complexity then stick with the first one.
There was a problem hiding this comment.
I created an issue for this: #981
Just a cosmetic change.
I think that for this particular case it's enough to test operations when they match. If we try to match a header and it works, it means that the code was able to extract the header specified correctly, which is one of the things we want to do in these integration tests. Adding an extra test with the same information but evaluating to false does not add much value.
davidor
force-pushed
the
routing-policy
branch
from
e375e7b to
5fa61d2
Compare
Closes #972
This PR adds a new policy, routing. It can select an upstream based on the request path, a request header, a request query argument, and a JWT claim.
I added a README that explains how the policy works.
Depends on #974 and #975
Ref: https://issues.jboss.org/browse/THREESCALE-1709