Add admission controller e2e test

internal/ingress/controller/controller.go

@@ -38,6 +38,8 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/proxy"
 	ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config"
+	"k8s.io/ingress-nginx/internal/ingress/controller/store"
+	"k8s.io/ingress-nginx/internal/ingress/errors"
 	"k8s.io/ingress-nginx/internal/k8s"
 	"k8s.io/ingress-nginx/internal/nginx"
 	"k8s.io/klog/v2"
@@ -126,7 +128,7 @@ func (n *NGINXController) syncIngress(interface{}) error {
 		return nil
 	}
 
-	ings := n.store.ListIngresses(nil)
+	ings := n.store.ListIngresses()
 	hosts, servers, pcfg := n.getConfiguration(ings)
 
 	n.metricCollector.SetSSLExpireTime(servers)
@@ -225,24 +227,31 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
 		}
 	}
 
+	k8s.SetDefaultNGINXPathType(ing)
+
+	allIngresses := n.store.ListIngresses()
+
 	filter := func(toCheck *ingress.Ingress) bool {
 		return toCheck.ObjectMeta.Namespace == ing.ObjectMeta.Namespace &&
 			toCheck.ObjectMeta.Name == ing.ObjectMeta.Name
 	}
-
-	k8s.SetDefaultNGINXPathType(ing)
-
-	ings := n.store.ListIngresses(filter)
+	ings := store.FilterIngresses(allIngresses, filter)
 	ings = append(ings, &ingress.Ingress{
 		Ingress:           *ing,
 		ParsedAnnotations: annotations.NewAnnotationExtractor(n.store).Extract(ing),
 	})
 
-	_, _, pcfg := n.getConfiguration(ings)
-
 	cfg := n.store.GetBackendConfiguration()
 	cfg.Resolver = n.resolver
 
+	_, servers, pcfg := n.getConfiguration(ings)
+
+	err := checkOverlap(ing, allIngresses, servers)
+	if err != nil {
+		n.metricCollector.IncCheckErrorCount(ing.ObjectMeta.Namespace, ing.Name)
+		return err
+	}
+
 	content, err := n.generateTemplate(cfg, *pcfg)
 	if err != nil {
 		n.metricCollector.IncCheckErrorCount(ing.ObjectMeta.Namespace, ing.Name)
@@ -252,11 +261,11 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
 	err = n.testTemplate(content)
 	if err != nil {
 		n.metricCollector.IncCheckErrorCount(ing.ObjectMeta.Namespace, ing.Name)
-	} else {
-		n.metricCollector.IncCheckCount(ing.ObjectMeta.Namespace, ing.Name)
+		return err
 	}
 
-	return err
+	n.metricCollector.IncCheckCount(ing.ObjectMeta.Namespace, ing.Name)
+	return nil
 }
 
 func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Protocol) []ingress.L4Service {
@@ -1519,3 +1528,79 @@ func externalNamePorts(name string, svc *apiv1.Service) *apiv1.ServicePort {
 		TargetPort: intstr.FromInt(port),
 	}
 }
+
+func checkOverlap(ing *networking.Ingress, ingresses []*ingress.Ingress, servers []*ingress.Server) error {
+	for _, rule := range ing.Spec.Rules {
+		if rule.HTTP == nil {
+			continue
+		}
+
+		if rule.Host == "" {
+			rule.Host = defServerName
+		}
+
+		for _, path := range rule.HTTP.Paths {
+			if path.Path == "" {
+				path.Path = rootLocation
+			}
+
+			existingIngresses := ingressForHostPath(rule.Host, path.Path, servers)
+
+			// no previous ingress
+			if len(existingIngresses) == 0 {
+				continue
+			}
+
+			// same ingress
+			skipValidation := false
+			for _, existing := range existingIngresses {
+				if existing.ObjectMeta.Namespace == ing.ObjectMeta.Namespace && existing.ObjectMeta.Name == ing.ObjectMeta.Name {
+					return nil
+				}
+			}
+
+			if skipValidation {
+				continue
+			}
+
+			// path overlap. Check if one of the ingresses has a canary annotation
+			isCanaryEnabled, annotationErr := parser.GetBoolAnnotation("canary", ing)
+			for _, existing := range existingIngresses {
+				isExistingCanaryEnabled, existingAnnotationErr := parser.GetBoolAnnotation("canary", existing)
+
+				if isCanaryEnabled && isExistingCanaryEnabled {
+					return fmt.Errorf(`host "%s" and path "%s" is already defined in ingress %s/%s`, rule.Host, path.Path, existing.Namespace, existing.Name)
+				}
+
+				if annotationErr == errors.ErrMissingAnnotations && existingAnnotationErr == existingAnnotationErr {
+					return fmt.Errorf(`host "%s" and path "%s" is already defined in ingress %s/%s`, rule.Host, path.Path, existing.Namespace, existing.Name)
+				}
+			}
+
+			// no overlap
+			return nil
+		}
+	}
+
+	return nil
+}
+
+func ingressForHostPath(hostname, path string, servers []*ingress.Server) []*networking.Ingress {
+	ingresses := make([]*networking.Ingress, 0)
+
+	for _, server := range servers {
+		if hostname != server.Hostname {
+			continue
+		}
+
+		for _, location := range server.Locations {
+			if location.Path != path {
+				continue
+			}
+
+			ingresses = append(ingresses, &location.Ingress.Ingress)
+		}
+	}
+
+	return ingresses
+}

internal/ingress/controller/controller_test.go

@@ -78,10 +78,14 @@ func (fakeIngressStore) GetServiceEndpoints(key string) (*corev1.Endpoints, erro
 	return nil, fmt.Errorf("test error")
 }
 
-func (fis fakeIngressStore) ListIngresses(store.IngressFilterFunc) []*ingress.Ingress {
+func (fis fakeIngressStore) ListIngresses() []*ingress.Ingress {
 	return fis.ingresses
 }
 
+func (fis fakeIngressStore) FilterIngresses(ingresses []*ingress.Ingress, filterFunc store.IngressFilterFunc) []*ingress.Ingress {
+	return ingresses
+}
+
 func (fakeIngressStore) GetRunningControllerPodsCount() int {
 	return 0
 }

internal/ingress/controller/store/ingress.go

@@ -19,6 +19,7 @@ package store
 import (
 	networking "k8s.io/api/networking/v1beta1"
 	"k8s.io/client-go/tools/cache"
+	"k8s.io/ingress-nginx/internal/ingress"
 )
 
 // IngressLister makes a Store that lists Ingress.
@@ -37,3 +38,16 @@ func (il IngressLister) ByKey(key string) (*networking.Ingress, error) {
 	}
 	return i.(*networking.Ingress), nil
 }
+
+// FilterIngresses returns the list of Ingresses
+func FilterIngresses(ingresses []*ingress.Ingress, filterFunc IngressFilterFunc) []*ingress.Ingress {
+	afterFilter := make([]*ingress.Ingress, 0)
+	for _, ingress := range ingresses {
+		if !filterFunc(ingress) {
+			afterFilter = append(afterFilter, ingress)
+		}
+	}
+
+	sortIngressSlice(afterFilter)
+	return afterFilter
+}

internal/ingress/controller/store/store.go

@@ -79,7 +79,7 @@ type Storer interface {
 	GetServiceEndpoints(key string) (*corev1.Endpoints, error)
 
 	// ListIngresses returns a list of all Ingresses in the store.
-	ListIngresses(IngressFilterFunc) []*ingress.Ingress
+	ListIngresses() []*ingress.Ingress
 
 	// GetRunningControllerPodsCount returns the number of Running ingress-nginx controller Pods.
 	GetRunningControllerPodsCount() int
@@ -804,20 +804,7 @@ func (s *k8sStore) getIngress(key string) (*networkingv1beta1.Ingress, error) {
 	return &ing.Ingress, nil
 }
 
-// ListIngresses returns the list of Ingresses
-func (s *k8sStore) ListIngresses(filter IngressFilterFunc) []*ingress.Ingress {
-	// filter ingress rules
-	ingresses := make([]*ingress.Ingress, 0)
-	for _, item := range s.listers.IngressWithAnnotation.List() {
-		ing := item.(*ingress.Ingress)
-
-		if filter != nil && filter(ing) {
-			continue
-		}
-
-		ingresses = append(ingresses, ing)
-	}
-
+func sortIngressSlice(ingresses []*ingress.Ingress) {
 	// sort Ingresses using the CreationTimestamp field
 	sort.SliceStable(ingresses, func(i, j int) bool {
 		ir := ingresses[i].CreationTimestamp
@@ -830,6 +817,18 @@ func (s *k8sStore) ListIngresses(filter IngressFilterFunc) []*ingress.Ingress {
 		}
 		return ir.Before(&jr)
 	})
+}
+
+// ListIngresses returns the list of Ingresses
+func (s *k8sStore) ListIngresses() []*ingress.Ingress {
+	// filter ingress rules
+	ingresses := make([]*ingress.Ingress, 0)
+	for _, item := range s.listers.IngressWithAnnotation.List() {
+		ing := item.(*ingress.Ingress)
+		ingresses = append(ingresses, ing)
+	}
+
+	sortIngressSlice(ingresses)
 
 	return ingresses
 }

internal/ingress/controller/store/store_test.go

@@ -952,7 +952,7 @@ func TestListIngresses(t *testing.T) {
 	}
 	s.listers.IngressWithAnnotation.Add(ingressWithNginxClass)
 
-	ingresses := s.ListIngresses(nil)
+	ingresses := s.ListIngresses()
 
 	if s := len(ingresses); s != 3 {
 		t.Errorf("Expected 3 Ingresses but got %v", s)