keep the original HashString for backward compatibility

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
envoyproxy · Feb 23, 2024 · e958010 · e958010
1 parent 3258155
commit e958010
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 12 deletions.
diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
@@ -493,7 +493,7 @@ func (t *Translator) buildOIDC(
 	}
 
 	// Generate a unique cookie suffix for oauth filters
-	suffix := utils.Digest(string(policy.UID))
+	suffix := utils.Digest32(string(policy.UID))
 
 	return &ir.OIDC{
 		Provider:     *provider,

diff --git a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
@@ -54,7 +54,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
 				},
 				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "test",
-					Name:      "envoy-test-afd071e5",
+					Name:      "envoy-test-9f86d081",
 					Labels: map[string]string{
 						"app.kubernetes.io/name":               "envoy",
 						"app.kubernetes.io/component":          "proxy",
@@ -103,7 +103,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
 				},
 				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "test",
-					Name:      "envoy-test-afd071e5",
+					Name:      "envoy-test-9f86d081",
 					Labels: map[string]string{
 						"app.kubernetes.io/name":               "envoy",
 						"app.kubernetes.io/component":          "proxy",

diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go
@@ -37,6 +37,7 @@ import (
 	"github.com/envoyproxy/gateway/internal/gatewayapi"
 	"github.com/envoyproxy/gateway/internal/message"
 	"github.com/envoyproxy/gateway/internal/provider/kubernetes/test"
+	"github.com/envoyproxy/gateway/internal/utils"
 )
 
 const (

diff --git a/internal/utils/misc.go b/internal/utils/misc.go
@@ -6,6 +6,7 @@
 package utils
 
 import (
+	"crypto/sha256"
 	"fmt"
 	"hash/fnv"
 	"strings"
@@ -25,20 +26,30 @@ func NamespacedName(obj client.Object) types.NamespacedName {
 // GetHashedName returns a partially hashed name for the string including up to the given length of the original name characters before the hash.
 // Input `nsName` should be formatted as `{Namespace}/{ResourceName}`.
 func GetHashedName(nsName string, length int) string {
-	hashedName := Digest(nsName)
+	hashedName := Digest256(nsName)
 	// replace `/` with `-` to create a valid K8s resource name
 	resourceName := strings.ReplaceAll(nsName, "/", "-")
 	if length > 0 && len(resourceName) > length {
 		// resource name needs to be trimmed, as container port name must not contain consecutive hyphens
 		trimmedName := strings.TrimSuffix(resourceName[0:length], "-")
-		return fmt.Sprintf("%s-%s", trimmedName, hashedName)
+		return fmt.Sprintf("%s-%s", trimmedName, hashedName[0:8])
 	}
-	return fmt.Sprintf("%s-%s", resourceName, hashedName)
+	// Ideally we should use 32-bit hash instead of 64-bit hash and return the first 8 characters of the hash.
+	// However, we are using 64-bit hash to maintain backward compatibility.
+	return fmt.Sprintf("%s-%s", resourceName, hashedName[0:8])
 }
 
-// Digest returns a 32-bit hashh of the input string.
-// The hash is represented as a capitalized hexadecimal string.
-func Digest(str string) string {
+// Digest256 returns a sha256 hash of the input string.
+// The hash is represented as a hexadecimal string of length 64.
+func Digest256(str string) string {
+	h := sha256.New() // Using sha256 instead of sha1 due to Blocklisted import crypto/sha1: weak cryptographic primitive (gosec)
+	h.Write([]byte(str))
+	return strings.ToLower(fmt.Sprintf("%x", h.Sum(nil)))
+}
+
+// Digest32 returns a 32-bit hash of the input string.
+// The hash is represented as a hexadecimal string of length 8.
+func Digest32(str string) string {
 	h := fnv.New32a()
 	_, _ = h.Write([]byte(str))
 	return fmt.Sprintf("%x", h.Sum32())

diff --git a/internal/utils/misc_test.go b/internal/utils/misc_test.go
@@ -18,9 +18,9 @@ func TestGetHashedName(t *testing.T) {
 		length   int
 		expected string
 	}{
-		{"test default name", "http", 6, "http-c96448a5"},
-		{"test removing trailing slash", "namespace/name", 10, "namespace-3c4f601e"},
-		{"test removing trailing hyphen", "envoy-gateway-system/eg/http", 6, "envoy-128ffda5"},
+		{"test default name", "http", 6, "http-e0603c49"},
+		{"test removing trailing slash", "namespace/name", 10, "namespace-18a6500f"},
+		{"test removing trailing hyphen", "envoy-gateway-system/eg/http", 6, "envoy-2ecf157b"},
 	}
 
 	for _, tc := range testCases {