Adds support for other Cors directives

CORS annotations improvements Cors improvements Cors improevements Cors improvements Cors improvements
2017-10-19 18:03:02 -02:00 · 2017-10-19 18:03:02 -02:00 · 2097676ca8
commit 2097676ca8
parent 99a355f25d
10 changed files with 277 additions and 83 deletions
--- a/pkg/ingress/controller/annotations.go
+++ b/pkg/ingress/controller/annotations.go
@ -67,7 +67,7 @@ func newAnnotationExtractor(cfg extractorConfig) annotationExtractor {
 			"BasicDigestAuth":      auth.NewParser(auth.AuthDirectory, cfg),
 			"ExternalAuth":         authreq.NewParser(),
 			"CertificateAuth":      authtls.NewParser(cfg),
-			"EnableCORS":           cors.NewParser(),
+			"CorsConfig":           cors.NewParser(),
 			"HealthCheck":          healthcheck.NewParser(cfg),
 			"Whitelist":            ipwhitelist.NewParser(cfg),
 			"UsePortInRedirects":   portinredirect.NewParser(cfg),
@ -130,6 +130,7 @@ const (
 	sessionAffinity      = "SessionAffinity"
 	serviceUpstream      = "ServiceUpstream"
 	serverAlias          = "Alias"
+	enableCors           = "EnableCORS"
 	clientBodyBufferSize = "ClientBodyBufferSize"
 	certificateAuth      = "CertificateAuth"
 	serverSnippet        = "ServerSnippet"
@ -175,6 +176,11 @@ func (e *annotationExtractor) SessionAffinity(ing *extensions.Ingress) *sessiona
 	return val.(*sessionaffinity.AffinityConfig)
 }

+func (e *annotationExtractor) Cors(ing *extensions.Ingress) *cors.CorsConfig {
+	val, _ := e.annotations[enableCors].Parse(ing)
+	return val.(*cors.CorsConfig)
+}
+
 func (e *annotationExtractor) CertificateAuth(ing *extensions.Ingress) *authtls.AuthSSLConfig {
 	val, err := e.annotations[certificateAuth].Parse(ing)
 	if errors.IsMissingAnnotations(err) {
--- a/pkg/ingress/controller/annotations_test.go
+++ b/pkg/ingress/controller/annotations_test.go
@ -29,15 +29,22 @@ import (
 )

 const (
-	annotationSecureUpstream     = "ingress.kubernetes.io/secure-backends"
-	annotationSecureVerifyCACert = "ingress.kubernetes.io/secure-verify-ca-secret"
-	annotationUpsMaxFails        = "ingress.kubernetes.io/upstream-max-fails"
-	annotationUpsFailTimeout     = "ingress.kubernetes.io/upstream-fail-timeout"
-	annotationPassthrough        = "ingress.kubernetes.io/ssl-passthrough"
-	annotationAffinityType       = "ingress.kubernetes.io/affinity"
-	annotationAffinityCookieName = "ingress.kubernetes.io/session-cookie-name"
-	annotationAffinityCookieHash = "ingress.kubernetes.io/session-cookie-hash"
-	annotationUpstreamHashBy     = "ingress.kubernetes.io/upstream-hash-by"
+	annotationSecureUpstream       = "ingress.kubernetes.io/secure-backends"
+	annotationSecureVerifyCACert   = "ingress.kubernetes.io/secure-verify-ca-secret"
+	annotationUpsMaxFails          = "ingress.kubernetes.io/upstream-max-fails"
+	annotationUpsFailTimeout       = "ingress.kubernetes.io/upstream-fail-timeout"
+	annotationPassthrough          = "ingress.kubernetes.io/ssl-passthrough"
+	annotationAffinityType         = "ingress.kubernetes.io/affinity"
+	annotationCorsEnabled          = "ingress.kubernetes.io/enable-cors"
+	annotationCorsAllowOrigin      = "ingress.kubernetes.io/cors-allow-origin"
+	annotationCorsAllowMethods     = "ingress.kubernetes.io/cors-allow-methods"
+	annotationCorsAllowHeaders     = "ingress.kubernetes.io/cors-allow-headers"
+	annotationCorsAllowCredentials = "ingress.kubernetes.io/cors-allow-credentials"
+	defaultCorsMethods             = "GET, PUT, POST, DELETE, PATCH, OPTIONS"
+	defaultCorsHeaders             = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"
+	annotationAffinityCookieName   = "ingress.kubernetes.io/session-cookie-name"
+	annotationAffinityCookieHash   = "ingress.kubernetes.io/session-cookie-hash"
+	annotationUpstreamHashBy       = "ingress.kubernetes.io/upstream-hash-by"
 )

 type mockCfg struct {
@ -293,3 +300,54 @@ func TestAffinitySession(t *testing.T) {
 		}
 	}
 }
+
+func TestCors(t *testing.T) {
+	ec := newAnnotationExtractor(mockCfg{})
+	ing := buildIngress()
+
+	fooAnns := []struct {
+		annotations map[string]string
+		corsenabled bool
+		methods     string
+		headers     string
+		origin      string
+		credentials bool
+	}{
+		{map[string]string{annotationCorsEnabled: "true"}, true, defaultCorsMethods, defaultCorsHeaders, "*", true},
+		{map[string]string{annotationCorsEnabled: "true", annotationCorsAllowMethods: "POST, GET, OPTIONS", annotationCorsAllowHeaders: "$nginx_version", annotationCorsAllowCredentials: "false"}, true, "POST, GET, OPTIONS", defaultCorsHeaders, "*", false},
+		{map[string]string{annotationCorsEnabled: "true", annotationCorsAllowCredentials: "false"}, true, defaultCorsMethods, defaultCorsHeaders, "*", false},
+		{map[string]string{}, false, defaultCorsMethods, defaultCorsHeaders, "*", true},
+		{nil, false, defaultCorsMethods, defaultCorsHeaders, "*", true},
+	}
+
+	for _, foo := range fooAnns {
+		ing.SetAnnotations(foo.annotations)
+		r := ec.Cors(ing)
+		t.Logf("Testing pass %v %v %v %v %v", foo.corsenabled, foo.methods, foo.headers, foo.origin, foo.credentials)
+		if r == nil {
+			t.Errorf("Returned nil but expected a Cors.CorsConfig")
+			continue
+		}
+
+		if r.CorsEnabled != foo.corsenabled {
+			t.Errorf("Returned %v but expected %v for Cors Enabled", r.CorsEnabled, foo.corsenabled)
+		}
+
+		if r.CorsAllowHeaders != foo.headers {
+			t.Errorf("Returned %v but expected %v for Cors Headers", r.CorsAllowHeaders, foo.headers)
+		}
+
+		if r.CorsAllowMethods != foo.methods {
+			t.Errorf("Returned %v but expected %v for Cors Methods", r.CorsAllowMethods, foo.methods)
+		}
+
+		if r.CorsAllowOrigin != foo.origin {
+			t.Errorf("Returned %v but expected %v for Cors Methods", r.CorsAllowOrigin, foo.origin)
+		}
+
+		if r.CorsAllowCredentials != foo.credentials {
+			t.Errorf("Returned %v but expected %v for Cors Methods", r.CorsAllowCredentials, foo.credentials)
+		}
+
+	}
+}
--- a/pkg/ingress/controller/util_test.go
+++ b/pkg/ingress/controller/util_test.go
@ -23,6 +23,7 @@ import (
 	"k8s.io/ingress-nginx/pkg/ingress"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/auth"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/authreq"
+	"k8s.io/ingress-nginx/pkg/ingress/annotations/cors"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/proxy"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit"
@ -45,7 +46,7 @@ func TestMergeLocationAnnotations(t *testing.T) {
 		"Backend":            "foo_backend",
 		"BasicDigestAuth":    auth.BasicDigest{},
 		DeniedKeyName:        &fakeError{},
-		"EnableCORS":         true,
+		"EnableCORS":         cors.CorsConfig{},
 		"ExternalAuth":       authreq.External{},
 		"RateLimit":          ratelimit.RateLimit{},
 		"Redirect":           redirect.Redirect{},