Admission warning (#9975)

* Add warning feature in admission code * Apply suggestions from code review Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * Add deprecation and validation path notice --------- Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-05-25 11:56:52 -03:00 · 2023-05-25 11:56:52 -03:00 · 1282345be2
commit 1282345be2
parent 897783557a
4 changed files with 177 additions and 0 deletions
--- a/internal/ingress/controller/controller_test.go
+++ b/internal/ingress/controller/controller_test.go
@ -352,6 +352,113 @@ func TestCheckIngress(t *testing.T) {
 	})
 }

+func TestCheckWarning(t *testing.T) {
+
+	// Ensure no panic with wrong arguments
+	var nginx = &NGINXController{}
+
+	nginx.t = fakeTemplate{}
+	nginx.store = fakeIngressStore{
+		ingresses: []*ingress.Ingress{},
+	}
+
+	ing := &networking.Ingress{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-ingress-warning",
+			Namespace:   "user-namespace",
+			Annotations: map[string]string{},
+		},
+		Spec: networking.IngressSpec{
+			Rules: []networking.IngressRule{
+				{
+					Host: "example.com",
+				},
+			},
+		},
+	}
+	t.Run("when a deprecated annotation is used a warning should be returned", func(t *testing.T) {
+		ing.ObjectMeta.Annotations[parser.GetAnnotationWithPrefix("enable-influxdb")] = "true"
+		defer func() {
+			ing.ObjectMeta.Annotations = map[string]string{}
+		}()
+
+		warnings, err := nginx.CheckWarning(ing)
+		if err != nil {
+			t.Errorf("no error should be returned, but %s was returned", err)
+		}
+		if len(warnings) != 1 {
+			t.Errorf("expected 1 warning to occur but %d occured", len(warnings))
+		} else {
+			t.Logf("got warning %s correctly", warnings[0])
+		}
+	})
+
+	t.Run("When an invalid pathType is used, a warning should be returned", func(t *testing.T) {
+
+		rules := ing.Spec.DeepCopy().Rules
+		ing.Spec.Rules = []networking.IngressRule{
+			{
+				Host: "example.com",
+				IngressRuleValue: networking.IngressRuleValue{
+					HTTP: &networking.HTTPIngressRuleValue{
+						Paths: []networking.HTTPIngressPath{
+							{
+								Path:     "/xpto{$2}",
+								PathType: &pathTypePrefix,
+							},
+							{
+								Path:     "/ok",
+								PathType: &pathTypeExact,
+							},
+						},
+					},
+				},
+			},
+		}
+		defer func() {
+			ing.Spec.Rules = rules
+		}()
+
+		warnings, err := nginx.CheckWarning(ing)
+		if err != nil {
+			t.Errorf("no error should be returned, but %s was returned", err)
+		}
+		if len(warnings) != 1 {
+			t.Errorf("expected 1 warning to occur but %d occured", len(warnings))
+		} else {
+			t.Logf("got warnings %v correctly", warnings)
+		}
+
+		t.Run("adding invalid annotations increases the warning count", func(t *testing.T) {
+			ing.ObjectMeta.Annotations[parser.GetAnnotationWithPrefix("enable-influxdb")] = "true"
+			ing.ObjectMeta.Annotations[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "true"
+			ing.ObjectMeta.Annotations[parser.GetAnnotationWithPrefix("fastcgi-index")] = "blabla"
+			defer func() {
+				ing.ObjectMeta.Annotations = map[string]string{}
+			}()
+			warnings, err := nginx.CheckWarning(ing)
+			if err != nil {
+				t.Errorf("no error should be returned, but %s was returned", err)
+			}
+			if len(warnings) != 4 {
+				t.Errorf("expected 4 warning to occur but %d occured", len(warnings))
+			} else {
+				t.Logf("got warnings %v correctly", warnings)
+			}
+		})
+	})
+
+	t.Run("When the ingress is marked as deleted", func(t *testing.T) {
+		ing.DeletionTimestamp = &metav1.Time{
+			Time: time.Now(),
+		}
+
+		if warnings, err := nginx.CheckWarning(ing); err != nil || len(warnings) != 0 {
+			t.Errorf("when the ingress is marked as deleted, no warning should be returned")
+		}
+	})
+}
+
 func TestMergeAlternativeBackends(t *testing.T) {
 	testCases := map[string]struct {
 		ingress      *ingress.Ingress