Use spin.alt domain for service chaining
Signed-off-by: itowlson <[email protected]>
itowlson committed Aug 21, 2024
1 parent aa5d74c commit fe31cfa
Showing 10 changed files with 22 additions and 15 deletions.
12 changes: 9 additions & 3 deletions crates/loader/src/local.rs
@@ -12,7 +12,7 @@ use spin_locked_app::{
values::{ValuesMap, ValuesMapBuilder},
};
use spin_manifest::schema::v2::{self, AppManifest, KebabId, WasiFilesMount};
use spin_outbound_networking::SERVICE_CHAINING_DOMAIN_SUFFIX;
use spin_outbound_networking::SERVICE_CHAINING_DOMAIN_SUFFIXES;
use tokio::{io::AsyncWriteExt, sync::Semaphore};

use crate::{cache::Cache, FilesMountStrategy};
@@ -661,12 +661,18 @@ fn is_chaining_host(pattern: &str) -> bool {
match allowed.host() {
HostConfig::List(hosts) => hosts
.iter()
.any(|h| h.ends_with(SERVICE_CHAINING_DOMAIN_SUFFIX)),
HostConfig::AnySubdomain(domain) => domain == SERVICE_CHAINING_DOMAIN_SUFFIX,
.any(|h| ends_with_any(h, SERVICE_CHAINING_DOMAIN_SUFFIXES)),
HostConfig::AnySubdomain(domain) => {
SERVICE_CHAINING_DOMAIN_SUFFIXES.contains(&domain.as_str())
}
_ => false,
}
}

fn ends_with_any(host: &str, suffixes: &[&str]) -> bool {
suffixes.iter().any(|suffix| host.ends_with(suffix))
}

const SLOTH_WARNING_DELAY_MILLIS: u64 = 1250;

fn warn_if_component_load_slothful() -> sloth::SlothGuard {
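Review bot: `ends_with_any` in the `HostConfig::List` arm is a plain, case-sensitive suffix test, so the loader would classify a multi-label host such as `a.b.spin.alt` (constructed example) as a chaining host, whereas `parse_service_chaining_host` in `crates/outbound-networking/src/lib.rs` (also touched by this commit) only accepts a host whose remainder after the first dot is exactly one of the domains. The mismatch looks inherited from the old `ends_with(SERVICE_CHAINING_DOMAIN_SUFFIX)` call, but now that it lives in a named helper it should be documented, e.g. `/// Case-sensitive suffix test; broader than the single-label match in parse_service_chaining_host.` The `AnySubdomain` arm also depends on `domain` carrying its leading dot, which cannot be confirmed from this hunk; `is_chaining_host` starts outside it.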
2 changes: 1 addition & 1 deletion crates/loader/tests/ui/service-chaining.lock
@@ -55,7 +55,7 @@
"id": "four-lights",
"metadata": {
"allowed_outbound_hosts": [
"http://old-test.spin.internal"
"http://old-test.spin.alt"
]
},
"source": {
2 changes: 1 addition & 1 deletion crates/loader/tests/ui/service-chaining.toml
@@ -21,7 +21,7 @@ component = "web"

[component.four-lights]
source = "wasm/dummy.wasm"
allowed_outbound_hosts = ["http://old-test.spin.internal"]
allowed_outbound_hosts = ["http://old-test.spin.alt"]
[component.four-lights.environment]
env1 = "first"
env2 = "second"
3 changes: 2 additions & 1 deletion crates/locked-app/src/locked.rs
@@ -15,7 +15,8 @@ use crate::{
pub type LockedMap<T> = std::collections::BTreeMap<String, T>;

/// If present and required in `host_requirements`, the host must support
/// local service chaining (*.spin.internal) or reject the app.
/// local service chaining (via *.spin.alt, and, for backward compatibility,
/// *.spin.internal) or reject the app.
pub const SERVICE_CHAINING_KEY: &str = "local_service_chaining";

/// Indicates that a host feature is optional. This is the default and is
6 changes: 3 additions & 3 deletions crates/outbound-networking/src/lib.rs
@@ -5,8 +5,8 @@ use spin_locked_app::MetadataKey;

pub const ALLOWED_HOSTS_KEY: MetadataKey<Vec<String>> = MetadataKey::new("allowed_outbound_hosts");

pub const SERVICE_CHAINING_DOMAIN: &str = "spin.internal";
pub const SERVICE_CHAINING_DOMAIN_SUFFIX: &str = ".spin.internal";
pub const SERVICE_CHAINING_DOMAINS: &[&str] = &["spin.alt", "spin.internal"];
pub const SERVICE_CHAINING_DOMAIN_SUFFIXES: &[&str] = &[".spin.alt", ".spin.internal"];

/// Checks address against allowed hosts
///
@@ -453,7 +453,7 @@ fn parse_service_chaining_host(host: &str) -> Option<String> {

let (first, rest) = host.split_once('.')?;

if rest == SERVICE_CHAINING_DOMAIN {
if SERVICE_CHAINING_DOMAINS.contains(&rest) {
Some(first.to_owned())
} else {
None
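Review bot: `SERVICE_CHAINING_DOMAINS` and `SERVICE_CHAINING_DOMAIN_SUFFIXES` are two hand-maintained public lists that have to stay in lockstep, and neither carries a doc comment saying that `spin.internal` is only kept for backward compatibility. Because these lists decide which hostnames are recognised as service-chaining targets, I would add something like `/// Domains recognised for local service chaining; "spin.internal" is retained for backward compatibility. Keep in sync with SERVICE_CHAINING_DOMAIN_SUFFIXES.` above the first constant and a matching line above the second. Separately, `SERVICE_CHAINING_DOMAINS.contains(&rest)` is an exact, case-sensitive comparison, so it relies on the host being lower-cased before `parse_service_chaining_host` is reached; that is not visible here, as the function body starts and ends outside the hunk.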
4 changes: 2 additions & 2 deletions crates/trigger-http/src/lib.rs
@@ -1201,8 +1201,8 @@ mod tests {

#[test]
fn forbidden_headers_are_removed() {
let mut req = Request::get("http://test.spin.internal")
.header("Host", "test.spin.internal")
let mut req = Request::get("http://test.spin.alt")
.header("Host", "test.spin.alt")
.header("accept", "text/plain")
.body(Default::default())
.unwrap();
@@ -11,7 +11,7 @@ component = "front-streaming"

[component.front-streaming]
source = "%{source=internal-http-streaming-front}"
allowed_outbound_hosts = ["http://*.spin.internal"]
allowed_outbound_hosts = ["http://*.spin.alt"]

[[trigger.http]]
route = "/back/..."
2 changes: 1 addition & 1 deletion tests/runtime-tests/tests/internal-http/spin.toml
@@ -11,7 +11,7 @@ component = "front"

[component.front]
source = "%{source=internal-http-front}"
allowed_outbound_hosts = ["http://middle.spin.internal"]
allowed_outbound_hosts = ["http://middle.spin.alt"]

[[trigger.http]]
route = { private = true }
@@ -15,7 +15,7 @@ async fn handle_front_impl(_req: Request) -> Result<impl IntoResponse, String> {
let mut res: http::Response<String> = ensure_ok!(spin_sdk::http::send(
spin_sdk::http::Request::new(
spin_sdk::http::Method::Get,
"http://middle.spin.internal/hello/from/front"
"http://middle.spin.alt/hello/from/front"
)
)
.await);
@@ -17,7 +17,7 @@ async fn handle_front_impl(_req: Request) -> Result<impl IntoResponse, String> {
spin_sdk::http::Fields::new()
);
out_req.set_method(&spin_sdk::http::Method::Post).unwrap();
out_req.set_authority(Some("back-streaming.spin.internal")).unwrap();
out_req.set_authority(Some("back-streaming.spin.alt")).unwrap();
out_req.set_scheme(Some(&spin_sdk::http::Scheme::Http)).unwrap();
out_req.set_path_with_query(Some("/")).unwrap();
