Legacy cherrypick (#7965)
* update default block list,docs, tests (#7942) * update default block list,docs, tests * fix config for admin test * gofmt * remove the err return * Change sanitization message from error to warning (#7963) Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * duplicate test Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
This commit is contained in:
James Strong
GitHub
parent
b159577c23
commit
18e6eb0a31
7 changed files with 89 additions and 74 deletions
|
|
@ -146,6 +146,34 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
|
|||
}
|
||||
})
|
||||
|
||||
ginkgo.It("should return an error if there is an invalid value in some annotation", func() {
|
||||
host := "admission-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/connection-proxy-header": "a;}",
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "}")
|
||||
|
||||
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
|
||||
ginkgo.It("should return an error if there is a forbidden value in some annotation", func() {
|
||||
host := "admission-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/connection-proxy-header": "set_by_lua",
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "set_by_lua")
|
||||
|
||||
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
|
||||
ginkgo.It("should not return an error if the Ingress V1 definition is valid", func() {
|
||||
if !f.IsIngressV1Ready {
|
||||
ginkgo.Skip("Test requires Kubernetes v1.19 or higher")
|
||||
|
|
@ -189,17 +217,6 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
|
|||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
|
||||
ginkgo.It("should return an error if there is a forbidden value in some annotation", func() {
|
||||
host := "admission-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/connection-proxy-header": "set_by_lua",
|
||||
}
|
||||
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
})
|
||||
|
||||
func uninstallChart(f *framework.Framework) error {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue