feat: always set auth cookie (#8213)

* feat: always set auth cookie Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * feat: Add annotation to always set auth cookie * Add annotation * Add global configmap key * Provide unit tests and e2e tests * Fix e2e documentation autogen script Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Regenerate e2e tests Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-05-20 02:27:53 +04:00 · 2022-05-20 02:27:53 +04:00 · 2c27e66cc7
commit 2c27e66cc7
parent 93af9f726a
13 changed files with 501 additions and 537 deletions
--- a/internal/ingress/annotations/authreq/main.go
+++ b/internal/ingress/annotations/authreq/main.go
@ -48,6 +48,7 @@ type Config struct {
 	KeepaliveRequests      int               `json:"keepaliveRequests"`
 	KeepaliveTimeout       int               `json:"keepaliveTimeout"`
 	ProxySetHeaders        map[string]string `json:"proxySetHeaders,omitempty"`
+	AlwaysSetCookie        bool              `json:"alwaysSetCookie,omitempty"`
 }

 // DefaultCacheDuration is the fallback value if no cache duration is provided
@ -112,6 +113,10 @@ func (e1 *Config) Equal(e2 *Config) bool {
 		return false
 	}

+	if e1.AlwaysSetCookie != e2.AlwaysSetCookie {
+		return false
+	}
+
 	return sets.StringElementsMatch(e1.AuthCacheDuration, e2.AuthCacheDuration)
 }

@ -297,6 +302,8 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {

 	requestRedirect, _ := parser.GetStringAnnotation("auth-request-redirect", ing)

+	alwaysSetCookie, _ := parser.GetBoolAnnotation("auth-always-set-cookie", ing)
+
 	return &Config{
 		URL:                    urlString,
 		Host:                   authURL.Hostname(),
@ -312,6 +319,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
 		KeepaliveRequests:      keepaliveRequests,
 		KeepaliveTimeout:       keepaliveTimeout,
 		ProxySetHeaders:        proxySetHeaders,
+		AlwaysSetCookie:        alwaysSetCookie,
 	}, nil
 }

--- a/internal/ingress/annotations/authreq/main_test.go
+++ b/internal/ingress/annotations/authreq/main_test.go
@ -71,6 +71,13 @@ func buildIngress() *networking.Ingress {
 	}
 }

+func boolToString(v bool) string {
+	if v {
+		return "true"
+	}
+	return "false"
+}
+
 func TestAnnotations(t *testing.T) {
 	ing := buildIngress()

@ -86,19 +93,20 @@ func TestAnnotations(t *testing.T) {
 		requestRedirect        string
 		authSnippet            string
 		authCacheKey           string
+		authAlwaysSetCookie    bool
 		expErr                 bool
 	}{
-		{"empty", "", "", "", "", "", "", "", true},
-		{"no scheme", "bar", "bar", "", "", "", "", "", true},
-		{"invalid host", "http://", "http://", "", "", "", "", "", true},
-		{"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", "", "", "", "", true},
-		{"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", "", "", "", "", false},
-		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "POST", "", "", "", false},
-		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "", "", "", false},
-		{"valid URL - request redirect", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "http://foo.com/redirect-me", "", "", false},
-		{"auth snippet", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "proxy_set_header My-Custom-Header 42;", "", false},
-		{"auth cache ", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "", "$foo$bar", false},
-		{"redirect param", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "origUrl", "", "", "", "", false},
+		{"empty", "", "", "", "", "", "", "", false, true},
+		{"no scheme", "bar", "bar", "", "", "", "", "", false, true},
+		{"invalid host", "http://", "http://", "", "", "", "", "", false, true},
+		{"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", "", "", "", "", false, true},
+		{"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", "", "", "", "", false, false},
+		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "POST", "", "", "", false, false},
+		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "", "", "", false, false},
+		{"valid URL - request redirect", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "GET", "http://foo.com/redirect-me", "", "", false, false},
+		{"auth snippet", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "proxy_set_header My-Custom-Header 42;", "", false, false},
+		{"auth cache ", "http://foo.com/external-auth", "http://foo.com/external-auth", "", "", "", "", "$foo$bar", false, false},
+		{"redirect param", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "origUrl", "", "", "", "", true, false},
 	}

 	for _, test := range tests {
@ -109,6 +117,7 @@ func TestAnnotations(t *testing.T) {
 		data[parser.GetAnnotationWithPrefix("auth-request-redirect")] = test.requestRedirect
 		data[parser.GetAnnotationWithPrefix("auth-snippet")] = test.authSnippet
 		data[parser.GetAnnotationWithPrefix("auth-cache-key")] = test.authCacheKey
+		data[parser.GetAnnotationWithPrefix("auth-always-set-cookie")] = boolToString(test.authAlwaysSetCookie)

 		i, err := NewParser(&resolver.Mock{}).Parse(ing)
 		if test.expErr {
@ -146,6 +155,10 @@ func TestAnnotations(t *testing.T) {
 		if u.AuthCacheKey != test.authCacheKey {
 			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.authCacheKey, u.AuthCacheKey)
 		}
+
+		if u.AlwaysSetCookie != test.authAlwaysSetCookie {
+			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.authAlwaysSetCookie, u.AlwaysSetCookie)
+		}
 	}
 }