fix: deny locations with invalid auth-url annotation (#8256)
* fix: deny locations with invalid auth-url annotation Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Delete duplicate test Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
Maksim Nabokikh
GitHub
parent
f3698d0445
commit
1e2ce80846
4 changed files with 35 additions and 48 deletions
|
|
@ -294,48 +294,3 @@ func TestCustomHTTPErrors(t *testing.T) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
func TestMergeLocationAnnotations(t *testing.T) {
|
||||
// initial parameters
|
||||
keys := []string{"BasicDigestAuth", "CorsConfig", "ExternalAuth", "RateLimit", "Redirect", "Rewrite", "Whitelist", "Proxy", "UsePortInRedirects"}
|
||||
|
||||
loc := ingress.Location{}
|
||||
annotations := &Ingress{
|
||||
BasicDigestAuth: &auth.Config{},
|
||||
CorsConfig: &cors.Config{},
|
||||
ExternalAuth: &authreq.Config{},
|
||||
RateLimit: &ratelimit.Config{},
|
||||
Redirect: &redirect.Config{},
|
||||
Rewrite: &rewrite.Config{},
|
||||
Whitelist: &ipwhitelist.SourceRange{},
|
||||
Proxy: &proxy.Config{},
|
||||
UsePortInRedirects: true,
|
||||
}
|
||||
|
||||
// create test table
|
||||
type fooMergeLocationAnnotationsStruct struct {
|
||||
fName string
|
||||
er interface{}
|
||||
}
|
||||
fooTests := []fooMergeLocationAnnotationsStruct{}
|
||||
for name, value := range keys {
|
||||
fva := fooMergeLocationAnnotationsStruct{name, value}
|
||||
fooTests = append(fooTests, fva)
|
||||
}
|
||||
|
||||
// execute test
|
||||
MergeWithLocation(&loc, annotations)
|
||||
|
||||
// check result
|
||||
for _, foo := range fooTests {
|
||||
fv := reflect.ValueOf(loc).FieldByName(foo.fName).Interface()
|
||||
if !reflect.DeepEqual(fv, foo.er) {
|
||||
t.Errorf("Returned %v but expected %v for the field %s", fv, foo.er, foo.fName)
|
||||
}
|
||||
}
|
||||
if _, ok := annotations[DeniedKeyName]; ok {
|
||||
t.Errorf("%s should be removed after mergeLocationAnnotations", DeniedKeyName)
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -17,13 +17,12 @@ limitations under the License.
|
|||
package auth
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"errors"
|
||||
|
||||
api "k8s.io/api/core/v1"
|
||||
networking "k8s.io/api/networking/v1"
|
||||
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
|
|
|||
|
|
@ -164,7 +164,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
|||
|
||||
authURL, err := parser.StringToURL(urlString)
|
||||
if err != nil {
|
||||
return nil, ing_errors.InvalidContent{Name: err.Error()}
|
||||
return nil, ing_errors.LocationDenied{Reason: fmt.Errorf("could not parse auth-url annotation: %v", err)}
|
||||
}
|
||||
|
||||
authMethod, _ := parser.GetStringAnnotation("auth-method", ing)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue