From 07c14070788341dc2cd3e0b28957ad14c1939bf4 Mon Sep 17 00:00:00 2001
From: Ruixian Song <songrx@google.com>
Date: Thu, 18 May 2023 17:09:29 -0700
Subject: [PATCH] Add CheckRuleHostOverwrite to check-gke-ingress

---
 cmd/check-gke-ingress/app/ingress/rule.go     | 12 ++++++
 .../app/ingress/rule_test.go                  | 43 +++++++++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/cmd/check-gke-ingress/app/ingress/rule.go b/cmd/check-gke-ingress/app/ingress/rule.go
index 8377e56ffc..f042c0887e 100644
--- a/cmd/check-gke-ingress/app/ingress/rule.go
+++ b/cmd/check-gke-ingress/app/ingress/rule.go
@@ -113,6 +113,18 @@ func CheckFrontendConfigExistence(namespace, name string, client feconfigclient.
 	return feConfig, report.Passed, fmt.Sprintf("FrontendConfig %s/%s found", namespace, name)
 }
 
+// CheckRuleHostOverwrite checks whether hosts of ingress rules are unique.
+func CheckRuleHostOverwrite(rules []networkingv1.IngressRule) (string, string) {
+	hostSet := make(map[string]struct{})
+	for _, rule := range rules {
+		if _, ok := hostSet[rule.Host]; ok {
+			return report.Failed, fmt.Sprintf("Ingress rules have identical host: %s", rule.Host)
+		}
+		hostSet[rule.Host] = struct{}{}
+	}
+	return report.Passed, fmt.Sprintf("Ingress rule hosts are unique")
+}
+
 // getBackendConfigAnnotation gets the BackendConfig annotation from a service.
 func getBackendConfigAnnotation(svc *corev1.Service) (string, bool) {
 	for _, bcKey := range []string{annotations.BackendConfigKey, annotations.BetaBackendConfigKey} {
diff --git a/cmd/check-gke-ingress/app/ingress/rule_test.go b/cmd/check-gke-ingress/app/ingress/rule_test.go
index 54c9620e21..28b971b4e7 100644
--- a/cmd/check-gke-ingress/app/ingress/rule_test.go
+++ b/cmd/check-gke-ingress/app/ingress/rule_test.go
@@ -350,3 +350,46 @@ func TestCheckIngressRule(t *testing.T) {
 		}
 	}
 }
+
+func TestCheckRuleHostOverwrite(t *testing.T) {
+	for _, tc := range []struct {
+		desc   string
+		rules  []networkingv1.IngressRule
+		expect string
+	}{
+		{
+			desc:   "Empty rules",
+			rules:  []networkingv1.IngressRule{},
+			expect: report.Passed,
+		},
+		{
+			desc: "Rules with identical host",
+			rules: []networkingv1.IngressRule{
+				{
+					Host: "foo.bar.com",
+				},
+				{
+					Host: "foo.bar.com",
+				},
+			},
+			expect: report.Failed,
+		},
+		{
+			desc: "Rules with unique hosts",
+			rules: []networkingv1.IngressRule{
+				{
+					Host: "foo.bar.com",
+				},
+				{
+					Host: "abc.xyz.com",
+				},
+			},
+			expect: report.Passed,
+		},
+	} {
+		res, _ := CheckRuleHostOverwrite(tc.rules)
+		if res != tc.expect {
+			t.Errorf("For test case %q, expect check result = %s, but got %s", tc.desc, tc.expect, res)
+		}
+	}
+}