Fix rule condition match logic

DefangLabs · Apr 4, 2024 · 2118ecc · 2118ecc
1 parent 0d4a517
commit 2118ecc
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 14 deletions.
diff --git a/aws/alb/updatealb.go b/aws/alb/updatealb.go
@@ -31,21 +31,10 @@ func DeleteListenerPathRule(ctx context.Context, listenerArn string, target Rule
 	}
 
 	ruleArn := ""
-rules:
 	for _, rule := range rulesOutput.Rules {
-		for _, cond := range rule.Conditions {
-			if cond.PathPatternConfig != nil && target.PathPattern != nil && sameStringSlicesUnordered(cond.PathPatternConfig.Values, target.PathPattern) {
-				continue rules
-			}
-			if cond.HostHeaderConfig != nil && target.HostHeader != nil && sameStringSlicesUnordered(cond.HostHeaderConfig.Values, target.HostHeader) {
-				continue rules
-			}
-			// Only path and host header conditions are supported for now
-			if cond.SourceIpConfig != nil || cond.QueryStringConfig != nil || cond.HttpHeaderConfig != nil || cond.HttpRequestMethodConfig != nil {
-				continue rules
-			}
+		if RuleConditionMatches(rule, target) {
 			ruleArn = *rule.RuleArn
-			break rules
+			break
 		}
 	}
 
@@ -63,6 +52,47 @@ rules:
 	return nil
 }
 
+// TODO: Add unit test
+func RuleConditionMatches(rule types.Rule, target RuleCondition) bool {
+	// Only path and host header conditions are supported for now
+	for _, cond := range rule.Conditions {
+		if cond.SourceIpConfig != nil || cond.QueryStringConfig != nil || cond.HttpHeaderConfig != nil || cond.HttpRequestMethodConfig != nil {
+			return false
+		}
+	}
+
+	if target.PathPattern != nil {
+		found := false
+		for _, cond := range rule.Conditions {
+			if cond.PathPatternConfig != nil {
+				if !sameStringSlicesUnordered(cond.PathPatternConfig.Values, target.PathPattern) {
+					return false
+				}
+				found = true
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+
+	if target.HostHeader != nil {
+		found := false
+		for _, cond := range rule.Conditions {
+			if cond.HostHeaderConfig != nil {
+				if !sameStringSlicesUnordered(cond.HostHeaderConfig.Values, target.HostHeader) {
+					return false
+				}
+				found = true
+			}
+			if !found {
+				return false
+			}
+		}
+	}
+	return true
+}
+
 func AddListenerStaticRule(ctx context.Context, listenerArn string, ruleCond RuleCondition, value string) error {
 	svc := elbv2.NewFromConfig(aws.LoadConfig())
 

diff --git a/cmd/inspect/main.go b/cmd/inspect/main.go
@@ -5,10 +5,11 @@ import (
 	"fmt"
 
 	"defang.io/cloudacme/aws"
+	"defang.io/cloudacme/aws/alb"
 	elbv2 "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
 )
 
-var listenerArn = "arn:aws:elasticloadbalancing:us-west-2:381492210770:listener/app/Defang-dayifu2-beta-alb/6f1d3e4bf5cbac4b/84ccc1071870455c"
+var listenerArn = "arn:aws:elasticloadbalancing:us-west-2:381492210770:listener/app/Defang-dayifu2-beta-alb/5eb772581ea25ded/b4aac40fca2063e5"
 var path = "/"
 
 func main() {
@@ -23,6 +24,11 @@ func main() {
 		panic(err)
 	}
 
+	ruleCond := alb.RuleCondition{
+		HostHeader:  []string{"web.dayifu.net"},
+		PathPattern: []string{"/.well-known/acme-challenge/4JXzPaiGZs-x_MADGpPbiB8EoK_Fba_TgZsr7hfT6fA"},
+	}
+
 	for _, rule := range rulesOutput.Rules {
 		fmt.Printf("RuleArn: %v\n", *rule.RuleArn)
 		for _, condition := range rule.Conditions {
@@ -47,5 +53,11 @@ func main() {
 			}
 			fmt.Printf("Values: %v\n", condition.Values)
 		}
+
+		if alb.RuleConditionMatches(rule, ruleCond) {
+			fmt.Printf("RuleArn: %v Matches target %v\n", *rule.RuleArn, ruleCond)
+		}
+
+		fmt.Printf("\n\n")
 	}
 }