fix reintroduced bug

Author: sarthyparty

internal/controller/state/graph/policies.go

@@ -455,33 +455,90 @@ func checkTargetRoutesForOverlap(
 // as a route referenced in a policy.
 func checkForRouteOverlap(route *L7Route, hostPortPaths map[string]string) *conditions.Condition {
 	for _, parentRef := range route.ParentRefs {
-		if parentRef.Attachment != nil {
-			port := parentRef.Attachment.ListenerPort
-			for _, hostname := range parentRef.Attachment.AcceptedHostnames {
-				for _, rule := range route.Spec.Rules {
-					for _, match := range rule.Matches {
-						if match.Path != nil && match.Path.Value != nil {
-							key := fmt.Sprintf("%s:%d%s", hostname, port, *match.Path.Value)
-							if val, ok := hostPortPaths[key]; !ok {
-								hostPortPaths[key] = fmt.Sprintf("%s/%s", route.Source.GetNamespace(), route.Source.GetName())
-							} else {
-								conflictingRouteName := fmt.Sprintf("%s/%s", route.Source.GetNamespace(), route.Source.GetName())
-								msg := fmt.Sprintf("Policy cannot be applied to target %q since another "+
-									"Route %q shares a hostname:port/path combination with this target", val, conflictingRouteName)
-								cond := conditions.NewPolicyNotAcceptedTargetConflict(msg)
-
-								return &cond
-							}
-						}
-					}
-				}
+		if parentRef.Attachment == nil {
+			continue
+		}
+
+		port := parentRef.Attachment.ListenerPort
+		for _, hostnames := range parentRef.Attachment.AcceptedHostnames {
+			mergedHostnames := getMergedHostnames(route, hostnames)
+			if cond := checkHostnamesOverlap(route, mergedHostnames, port, hostPortPaths); cond != nil {
+				return cond
 			}
 		}
 	}
+	return nil
+}
+
+func getMergedHostnames(route *L7Route, hostnames []string) []string {
+	mergedHostnames := make([]string, 0)
+	for _, hostname := range hostnames {
+		if len(route.Spec.Hostnames) > 0 {
+			mergedHostnames = append(mergedHostnames, getHostnameMatches(hostname, route.Spec.Hostnames)...)
+		} else {
+			mergedHostnames = append(mergedHostnames, hostname)
+		}
+	}
+	return mergedHostnames
+}
+
+func getHostnameMatches(hostname string, routeHostnames []v1.Hostname) []string {
+	foundExactMatch := false
+	moreSpecificHostnames := make([]string, 0)
+
+	for _, h := range routeHostnames {
+		if hostname == string(h) {
+			foundExactMatch = true
+			break
+		}
+		if Match(hostname, string(h)) {
+			moreSpecificHostnames = append(moreSpecificHostnames, GetMoreSpecificHostname(hostname, string(h)))
+		}
+	}
 
+	if foundExactMatch {
+		return []string{}
+	}
+	return moreSpecificHostnames
+}
+
+func checkHostnamesOverlap(
+	route *L7Route, hostnames []string, port v1.PortNumber, hostPortPaths map[string]string,
+) *conditions.Condition {
+	for _, hostname := range hostnames {
+		if cond := checkHostnamePathsOverlap(route, hostname, port, hostPortPaths); cond != nil {
+			return cond
+		}
+	}
 	return nil
 }
 
+func checkHostnamePathsOverlap(
+	route *L7Route, hostname string, port v1.PortNumber, hostPortPaths map[string]string,
+) *conditions.Condition {
+	for _, rule := range route.Spec.Rules {
+		for _, match := range rule.Matches {
+			if match.Path != nil && match.Path.Value != nil {
+				key := fmt.Sprintf("%s:%d%s", hostname, port, *match.Path.Value)
+				if val, ok := hostPortPaths[key]; !ok {
+					hostPortPaths[key] = fmt.Sprintf("%s/%s", route.Source.GetNamespace(), route.Source.GetName())
+				} else {
+					return createTargetConflictCondition(route, val)
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func createTargetConflictCondition(route *L7Route, conflictingRoute string) *conditions.Condition {
+	conflictingRouteName := fmt.Sprintf("%s/%s", route.Source.GetNamespace(), route.Source.GetName())
+	msg := fmt.Sprintf("Policy cannot be applied to target %q since another "+
+		"Route %q shares a hostname:port/path combination with this target", conflictingRoute, conflictingRouteName)
+	cond := conditions.NewPolicyNotAcceptedTargetConflict(msg)
+	return &cond
+}
+
 // buildHostPortPaths uses the same logic as checkForRouteOverlap, except it's
 // simply initializing the hostPortPaths map with the route that's referenced in the Policy,
 // so it doesn't care about the return value.

internal/controller/state/graph/policies_test.go

@@ -1297,6 +1297,43 @@ func TestProcessPolicies_RouteOverlap(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:      "no overlap different hostnames (hostname slice bug regression test)",
+			validator: &policiesfakes.FakeValidator{},
+			policies: map[PolicyKey]policies.Policy{
+				pol1Key: pol1,
+				pol3Key: pol3,
+			},
+			routes: map[RouteKey]*L7Route{
+				{
+					RouteType:      RouteTypeHTTP,
+					NamespacedName: types.NamespacedName{Namespace: testNs, Name: "hr-coffee"},
+				}: createTestRouteWithPathsAndHostname("hr-coffee", "app1.playground.testapis.net", "/"),
+				{
+					RouteType:      RouteTypeHTTP,
+					NamespacedName: types.NamespacedName{Namespace: testNs, Name: "hr-coffee-tea"},
+				}: createTestRouteWithPathsAndHostname("hr-coffee-tea", "app2.playground.testapis.net", "/"),
+			},
+			valid: true,
+		},
+		{
+			name:      "no overlap wildcard listener with specific route hostnames",
+			validator: &policiesfakes.FakeValidator{},
+			policies: map[PolicyKey]policies.Policy{
+				pol1Key: pol1, // Policy targeting first route only
+			},
+			routes: map[RouteKey]*L7Route{
+				{
+					RouteType:      RouteTypeHTTP,
+					NamespacedName: types.NamespacedName{Namespace: testNs, Name: "hr-coffee"},
+				}: createTestRouteWithWildcardListener("hr-coffee", "*.example.com", []string{"api.example.com"}, "/"),
+				{
+					RouteType:      RouteTypeHTTP,
+					NamespacedName: types.NamespacedName{Namespace: testNs, Name: "hr-coffee-tea"},
+				}: createTestRouteWithWildcardListener("hr-coffee-tea", "*.example.com", []string{"web.example.com"}, "/"),
+			},
+			valid: true,
+		},
 	}
 
 	gateways := map[types.NamespacedName]*Gateway{
@@ -1630,6 +1667,92 @@ func createTestRouteWithPaths(name string, paths ...string) *L7Route {
 	return route
 }
 
+func createTestRouteWithPathsAndHostname(name string, hostname string, paths ...string) *L7Route {
+	routeMatches := make([]v1.HTTPRouteMatch, 0, len(paths))
+
+	for _, path := range paths {
+		routeMatches = append(routeMatches, v1.HTTPRouteMatch{
+			Path: &v1.HTTPPathMatch{
+				Type:  helpers.GetPointer(v1.PathMatchExact),
+				Value: helpers.GetPointer(path),
+			},
+		})
+	}
+
+	route := &L7Route{
+		Source: &v1.HTTPRoute{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      name,
+				Namespace: testNs,
+			},
+		},
+		Spec: L7RouteSpec{
+			Rules: []RouteRule{
+				{Matches: routeMatches},
+			},
+		},
+		ParentRefs: []ParentRef{
+			{
+				Attachment: &ParentRefAttachmentStatus{
+					AcceptedHostnames: map[string][]string{"listener-1": {hostname}},
+					ListenerPort:      80,
+				},
+			},
+		},
+	}
+
+	return route
+}
+
+func createTestRouteWithWildcardListener(
+	name string,
+	listenerHostname string,
+	routeHostnames []string,
+	paths ...string,
+) *L7Route {
+	routeMatches := make([]v1.HTTPRouteMatch, 0, len(paths))
+
+	for _, path := range paths {
+		routeMatches = append(routeMatches, v1.HTTPRouteMatch{
+			Path: &v1.HTTPPathMatch{
+				Type:  helpers.GetPointer(v1.PathMatchExact),
+				Value: helpers.GetPointer(path),
+			},
+		})
+	}
+
+	// Convert string slice to v1.Hostname slice
+	specHostnames := make([]v1.Hostname, 0, len(routeHostnames))
+	for _, h := range routeHostnames {
+		specHostnames = append(specHostnames, v1.Hostname(h))
+	}
+
+	route := &L7Route{
+		Source: &v1.HTTPRoute{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      name,
+				Namespace: testNs,
+			},
+		},
+		Spec: L7RouteSpec{
+			Hostnames: specHostnames,
+			Rules: []RouteRule{
+				{Matches: routeMatches},
+			},
+		},
+		ParentRefs: []ParentRef{
+			{
+				Attachment: &ParentRefAttachmentStatus{
+					AcceptedHostnames: map[string][]string{"listener-1": {listenerHostname}},
+					ListenerPort:      80,
+				},
+			},
+		},
+	}
+
+	return route
+}
+
 func getGatewayParentRef(gwNsName types.NamespacedName) v1.ParentReference {
 	return v1.ParentReference{
 		Group:     helpers.GetPointer[v1.Group](v1.GroupName),

internal/controller/state/graph/route_common.go

@@ -926,15 +926,15 @@ func findAcceptedHostnames(listenerHostname *v1.Hostname, routeHostnames []v1.Ho
 
 	for _, h := range routeHostnames {
 		routeHost := string(h)
-		if match(hostname, routeHost) {
+		if Match(hostname, routeHost) {
 			result = append(result, GetMoreSpecificHostname(hostname, routeHost))
 		}
 	}
 
 	return result
 }
 
-func match(listenerHost, routeHost string) bool {
+func Match(listenerHost, routeHost string) bool {
 	if listenerHost == "" {
 		return true
 	}