From b96f7a4dc691304bf3083066a03aaef224139cb3 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes <aledbf@gmail.com>
Date: Tue, 22 Aug 2017 16:19:56 -0300
Subject: [PATCH] Fix zone duplication

---
 controllers/nginx/pkg/template/template.go    | 40 +++++++++++++------
 .../rootfs/etc/nginx/template/nginx.tmpl      |  3 +-
 2 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go
index 934791121..278c8f0c9 100644
--- a/controllers/nginx/pkg/template/template.go
+++ b/controllers/nginx/pkg/template/template.go
@@ -225,10 +225,7 @@ func buildAuthLocation(input interface{}) string {
 		return ""
 	}
 
-	str := base64.URLEncoding.EncodeToString([]byte(location.Path))
-	// avoid locations containing the = char
-	str = strings.Replace(str, "=", "", -1)
-	return fmt.Sprintf("/_external-auth-%v", str)
+	return fmt.Sprintf("/_external-auth-%v", encode(location.Path))
 }
 
 func buildAuthResponseHeaders(input interface{}) []string {
@@ -362,11 +359,15 @@ func buildRateLimitZones(input interface{}) []string {
 		for _, loc := range server.Locations {
 			lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name)
 			whitelistVar := buildWhitelistVariable(lrn)
+			sr := fmt.Sprintf("# Zone: %v %v%v", loc.RateLimit.Name, server.Hostname, loc.Path)
+			b := fmt.Sprintf("%v %v %v", loc.RateLimit.Name, server.Hostname, loc.Path)
+			zn := fmt.Sprintf("zone_%v", encode(b))
 
 			if loc.RateLimit.Connections.Limit > 0 {
-				zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;",
+				zone := fmt.Sprintf("%v\n\tlimit_conn_zone $limit_%s zone=%v:%vm;",
+					sr,
 					whitelistVar,
-					loc.RateLimit.Connections.Name,
+					zn,
 					loc.RateLimit.Connections.SharedSize)
 				if !zones.Has(zone) {
 					zones.Insert(zone)
@@ -374,9 +375,10 @@ func buildRateLimitZones(input interface{}) []string {
 			}
 
 			if loc.RateLimit.RPM.Limit > 0 {
-				zone := fmt.Sprintf("limit_req_zone $limit_%s zone=%v:%vm rate=%vr/m;",
+				zone := fmt.Sprintf("%v\n\tlimit_req_zone $limit_%s zone=%v:%vm rate=%vr/m;",
+					sr,
 					whitelistVar,
-					loc.RateLimit.RPM.Name,
+					zn,
 					loc.RateLimit.RPM.SharedSize,
 					loc.RateLimit.RPM.Limit)
 				if !zones.Has(zone) {
@@ -385,9 +387,10 @@ func buildRateLimitZones(input interface{}) []string {
 			}
 
 			if loc.RateLimit.RPS.Limit > 0 {
-				zone := fmt.Sprintf("limit_req_zone $limit_%s zone=%v:%vm rate=%vr/s;",
+				zone := fmt.Sprintf("%v\n\tlimit_req_zone $limit_%s zone=%v:%vm rate=%vr/s;",
+					sr,
 					whitelistVar,
-					loc.RateLimit.RPS.Name,
+					zn,
 					loc.RateLimit.RPS.SharedSize,
 					loc.RateLimit.RPS.Limit)
 				if !zones.Has(zone) {
@@ -402,7 +405,7 @@ func buildRateLimitZones(input interface{}) []string {
 
 // buildRateLimit produces an array of limit_req to be used inside the Path of
 // Ingress rules. The order: connections by IP first, then RPS, and RPM last.
-func buildRateLimit(input interface{}) []string {
+func buildRateLimit(s, input interface{}) []string {
 	limits := []string{}
 
 	loc, ok := input.(*ingress.Location)
@@ -410,21 +413,26 @@ func buildRateLimit(input interface{}) []string {
 		return limits
 	}
 
+	server, _ := s.(*ingress.Server)
+
 	if loc.RateLimit.Connections.Limit > 0 {
 		limit := fmt.Sprintf("limit_conn %v %v;",
 			loc.RateLimit.Connections.Name, loc.RateLimit.Connections.Limit)
 		limits = append(limits, limit)
 	}
 
+	b := fmt.Sprintf("%v %v %v", loc.RateLimit.Name, server.Hostname, loc.Path)
+	z := fmt.Sprintf("zone_%v", encode(b))
+
 	if loc.RateLimit.RPS.Limit > 0 {
 		limit := fmt.Sprintf("limit_req zone=%v burst=%v nodelay;",
-			loc.RateLimit.RPS.Name, loc.RateLimit.RPS.Burst)
+			z, loc.RateLimit.RPS.Burst)
 		limits = append(limits, limit)
 	}
 
 	if loc.RateLimit.RPM.Limit > 0 {
 		limit := fmt.Sprintf("limit_req zone=%v burst=%v nodelay;",
-			loc.RateLimit.RPM.Name, loc.RateLimit.RPM.Burst)
+			z, loc.RateLimit.RPM.Burst)
 		limits = append(limits, limit)
 	}
 
@@ -545,3 +553,9 @@ func buildRandomUUID() string {
 	s := uuid.New()
 	return strings.Replace(s, "-", "", -1)
 }
+
+func encode(s string) string {
+	str := base64.URLEncoding.EncodeToString([]byte(s))
+	// avoid locations containing the = char
+	return strings.Replace(str, "=", "", -1)
+}
diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
index 9dca204fc..e9cc40c7f 100644
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -313,6 +313,7 @@ http {
     {{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}}
     {{ range $zone := (buildRateLimitZones $servers) }}
     {{ $zone }}
+
     {{ end }}
 
     {{/* Build server redirects (from/to www) */}}
@@ -616,7 +617,7 @@ stream {
         {{ end }}
 
         {{/* if the location contains a rate limit annotation, create one */}}
-        {{ $limits := buildRateLimit $location }}
+        {{ $limits := buildRateLimit $server $location }}
         {{ range $limit := $limits }}
         {{ $limit }}{{ end }}