Merge pull request #121 from datum-cloud/feat/human-hostnames

feat: make hostnames more human-friendly

Author: zachsmith1

internal/config/config.go

@@ -7,9 +7,10 @@ import (
 	"os"
 	"path/filepath"
 	"slices"
-	"strings"
 	"time"
 
+	words "go.datum.net/network-services-operator/internal/words"
+
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -632,7 +633,9 @@ func (c *GatewayConfig) ShouldDeleteErroredChallenges() bool {
 }
 
 func (c *GatewayConfig) GatewayDNSAddress(gateway *gatewayv1.Gateway) string {
-	return fmt.Sprintf("%s.%s", strings.ReplaceAll(string(gateway.UID), "-", ""), c.TargetDomain)
+	seed := string(gateway.UID)
+	suffix := fmt.Sprintf(".%s", c.TargetDomain)
+	return words.WordsAndEntropy(suffix, seed)
 }
 
 func (c *GatewayConfig) ConnectorTunnelListenerName() string {

internal/controller/gateway_controller.go

@@ -669,8 +669,8 @@ func (r *GatewayReconciler) ensureHostnamesClaimed(
 	// but is considered sufficient for now.
 
 	for _, hostname := range verifiedHostnames {
-		// No accounting for the gateway DNS address hostname
-		if hostname == r.Config.Gateway.GatewayDNSAddress(upstreamGateway) {
+		// No accounting for platform-managed gateway hostnames.
+		if r.isDatumManagedGatewayHostname(upstreamGateway, hostname) {
 			claimedHostnames = append(claimedHostnames, hostname)
 			continue
 		}
@@ -750,6 +750,28 @@ func (r *GatewayReconciler) ensureHostnamesClaimed(
 	return verifiedHostnames, claimedHostnames, notClaimedHostnames, nil
 }
 
+func (r *GatewayReconciler) isDatumManagedGatewayHostname(upstreamGateway *gatewayv1.Gateway, hostname string) bool {
+	targetDomain := r.Config.Gateway.TargetDomain
+	gatewayUID := string(upstreamGateway.UID)
+	legacyUIDWithoutDashes := strings.ReplaceAll(gatewayUID, "-", "")
+
+	managedBaseHostnames := []string{
+		r.Config.Gateway.GatewayDNSAddress(upstreamGateway),
+		fmt.Sprintf("%s.%s", legacyUIDWithoutDashes, targetDomain),
+		fmt.Sprintf("%s.%s", gatewayUID, targetDomain),
+	}
+
+	for _, managedHostname := range managedBaseHostnames {
+		if hostname == managedHostname ||
+			hostname == fmt.Sprintf("v4.%s", managedHostname) ||
+			hostname == fmt.Sprintf("v6.%s", managedHostname) {
+			return true
+		}
+	}
+
+	return false
+}
+
 // isHostnameVerified returns hostnames found on listeners that are verified. A
 // hostname is considered verified if any verified Domain is found in the same
 // namespace with a `spec.domainName` value that matches the hostname exactly,

internal/controller/gateway_controller_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"slices"
+	"strings"
 	"testing"
 
 	cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -14,6 +15,7 @@ import (
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/client-go/kubernetes/scheme"
@@ -1017,6 +1019,44 @@ func TestEnsureHostnamesClaimed(t *testing.T) {
 				assert.NoError(t, cl.Get(ctx, domainObjectKey, &networkingv1alpha.Domain{}), "expected to find a domain, but encountered an errro")
 			},
 		},
+		{
+			name: "legacy and current datum-managed hostnames bypass claiming",
+			upstreamGateway: func() *gatewayv1.Gateway {
+				legacyUID := types.UID("11111111-1111-1111-1111-111111111111")
+				legacyHostname := fmt.Sprintf("%s.%s", strings.ReplaceAll(string(legacyUID), "-", ""), testConfig.Gateway.TargetDomain)
+				gateway := newGateway(testConfig, upstreamNamespace.Name, "test", func(g *gatewayv1.Gateway) {
+					g.UID = legacyUID
+					g.Spec.Listeners = []gatewayv1.Listener{
+						{
+							Name:     gatewayutil.DefaultHTTPListenerName,
+							Port:     DefaultHTTPPort,
+							Protocol: gatewayv1.HTTPProtocolType,
+							Hostname: ptr.To(gatewayv1.Hostname(legacyHostname)),
+						},
+					}
+				})
+				gateway.Status.Addresses = []gatewayv1.GatewayStatusAddress{
+					{
+						Type:  ptr.To(gatewayv1.HostnameAddressType),
+						Value: legacyHostname,
+					},
+				}
+				return gateway
+			}(),
+			existingDownstreamObjects: []client.Object{
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: testConfig.Gateway.DownstreamHostnameAccountingNamespace,
+						Name:      "11111111111111111111111111111111.test-suite.com",
+					},
+					Data: map[string]string{
+						"owner": "some/other/gateway",
+					},
+				},
+			},
+			expectedVerifiedHostnames: []string{"11111111111111111111111111111111.test-suite.com"},
+			expectedClaimedHostnames:  []string{"11111111111111111111111111111111.test-suite.com"},
+		},
 		{
 			name: "hostname matches address",
 			upstreamGateway: newGateway(testConfig, upstreamNamespace.Name, "test", func(g *gatewayv1.Gateway) {