Use hash instead of projectname.tenant for byoc delegate domain

edw-defang · edw-defang · commit 286a222b764c · 2024-08-21T15:58:35.000-07:00
diff --git a/src/pkg/cli/client/byoc/aws/byoc.go b/src/pkg/cli/client/byoc/aws/byoc.go
@@ -3,6 +3,7 @@ package aws
 import (
 	"bytes"
 	"context"
+	"crypto/sha256"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -651,18 +652,9 @@ func (b *ByocAws) getProjectDomain(account, zone string) string {
 	if b.ProjectName == "" {
 		return "" // no project name => no custom domain
 	}
-	var buf strings.Builder
-	if account != "" {
-		buf.WriteString(account)
-		buf.WriteByte('.')
-	}
-	projectLabel := byoc.DnsSafeLabel(b.ProjectName)
-	if projectLabel != byoc.DnsSafeLabel(b.TenantID) {
-		buf.WriteString(projectLabel)
-		buf.WriteByte('.')
-	}
-	buf.WriteString(byoc.DnsSafe(zone))
-	return buf.String()
+	h := sha256.New()
+	fmt.Fprintf(h, "%s.%s.%s.%s", account, b.ProjectName, b.TenantID, zone)
+	return fmt.Sprintf("%x", h.Sum(nil)[:8]) + "." + byoc.DnsSafe(zone)
 }
 
 func (b *ByocAws) TearDown(ctx context.Context) error {
diff --git a/src/pkg/cli/client/byoc/aws/byoc_test.go b/src/pkg/cli/client/byoc/aws/byoc_test.go
@@ -23,17 +23,17 @@ func TestDomainMultipleProjectSupport(t *testing.T) {
 		PublicFqdn  string
 		PrivateFqdn string
 	}{
-		{"tenant1", "tenant1", "web", port80, "web--80.123456789012.example.com", "web.123456789012.example.com", "web.tenant1.internal"},
-		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.123456789012.example.com", "web.tenant1.internal"},
-		{"project1", "tenant1", "web", port80, "web--80.123456789012.project1.example.com", "web.123456789012.project1.example.com", "web.project1.internal"},
-		{"Project1", "tenant1", "web", port80, "web--80.123456789012.project1.example.com", "web.123456789012.project1.example.com", "web.project1.internal"},
-		{"project1", "tenant1", "web", hostModePort, "web.project1.internal:80", "web.123456789012.project1.example.com", "web.project1.internal"},
-		{"project1", "tenant1", "api", port8080, "api--8080.123456789012.project1.example.com", "api.123456789012.project1.example.com", "api.project1.internal"},
-		{"tenant1", "tenant1", "web", port80, "web--80.123456789012.example.com", "web.123456789012.example.com", "web.tenant1.internal"},
-		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.123456789012.example.com", "web.tenant1.internal"},
-		{"Project1", "tenant1", "web", port80, "web--80.123456789012.project1.example.com", "web.123456789012.project1.example.com", "web.project1.internal"},
-		{"Tenant2", "tenant1", "web", port80, "web--80.123456789012.tenant2.example.com", "web.123456789012.tenant2.example.com", "web.tenant2.internal"},
-		{"tenant1", "tenAnt1", "web", port80, "web--80.123456789012.example.com", "web.123456789012.example.com", "web.tenant1.internal"},
+		{"tenant1", "tenant1", "web", port80, "web--80.1fa1857b71717f6b.example.com", "web.1fa1857b71717f6b.example.com", "web.tenant1.internal"},
+		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.1fa1857b71717f6b.example.com", "web.tenant1.internal"},
+		{"project1", "tenant1", "web", port80, "web--80.1ac7562668796635.example.com", "web.1ac7562668796635.example.com", "web.project1.internal"},
+		{"Project1", "tenant1", "web", port80, "web--80.40b35d8b26ff71ae.example.com", "web.40b35d8b26ff71ae.example.com", "web.project1.internal"},
+		{"project1", "tenant1", "web", hostModePort, "web.project1.internal:80", "web.1ac7562668796635.example.com", "web.project1.internal"},
+		{"project1", "tenant1", "api", port8080, "api--8080.1ac7562668796635.example.com", "api.1ac7562668796635.example.com", "api.project1.internal"},
+		{"tenant1", "tenant1", "web", port80, "web--80.1fa1857b71717f6b.example.com", "web.1fa1857b71717f6b.example.com", "web.tenant1.internal"},
+		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.1fa1857b71717f6b.example.com", "web.tenant1.internal"},
+		{"Project1", "tenant1", "web", port80, "web--80.40b35d8b26ff71ae.example.com", "web.40b35d8b26ff71ae.example.com", "web.project1.internal"},
+		{"Tenant2", "tenant1", "web", port80, "web--80.f5600a0d61784e9d.example.com", "web.f5600a0d61784e9d.example.com", "web.tenant2.internal"},
+		{"tenant1", "tenAnt1", "web", port80, "web--80.7360f2237c979f46.example.com", "web.7360f2237c979f46.example.com", "web.tenant1.internal"},
 	}
 
 	for _, tt := range tests {
