Switch logic on path type validation and setting it to false (#9543)

* update path type validation to be false and update e2e test scripts Signed-off-by: James Strong <strong.james.e@gmail.com> * update to make tests clear Signed-off-by: James Strong <strong.james.e@gmail.com> * update test params Signed-off-by: James Strong <strong.james.e@gmail.com> * Adding else per pr comments Signed-off-by: James Strong <james.strong@chainguard.dev> --------- Signed-off-by: James Strong <strong.james.e@gmail.com> Signed-off-by: James Strong <james.strong@chainguard.dev>
2023-01-31 20:09:06 -05:00 · 2023-01-31 20:09:06 -05:00 · 7d1c47ab54
commit 7d1c47ab54
parent f90f37bed6
14 changed files with 354 additions and 319 deletions
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@ -783,14 +783,15 @@ type Configuration struct {
 	// Default: ""
 	DebugConnections []string `json:"debug-connections"`

-	// DisablePathTypeValidation allows the admin to disable the pathType validation.
-	// If PathTypeValidation is enabled, the Controller will only allow alphanumeric
+	// EnablePathTypeValidation allows the admin to enable the pathType validation.
+	// If EnablePathTypeValidation is enabled, the Controller will only allow alphanumeric
 	// characters on path (0-9, a-z, A-Z, "-", ".", "_", "~", "/")
-	DisablePathTypeValidation bool `json:"disable-pathtype-validation"`
+	// to control what characters are allowed set them with PathAdditionalAllowedChars
+	EnablePathTypeValidation bool `json:"enable-pathtype-validation"`

 	// PathAdditionalAllowedChars allows the admin to specify what are the additional
 	// characters allowed in case of pathType=ImplementationSpecific.
-	// Case disable-pathtype-validation=true, this characters will be allowed on any path.
+	// Case enable-pathtype-validation=true, this characters will be only allowed on ImplementationSpecific.
 	// Defaults to: "^%$[](){}*+?"
 	PathAdditionalAllowedChars string `json:"path-additional-allowed-chars"`
 }
@ -828,7 +829,7 @@ func NewDefault() Configuration {
 		ClientHeaderTimeout:              60,
 		ClientBodyBufferSize:             "8k",
 		ClientBodyTimeout:                60,
-		DisablePathTypeValidation:        false,
+		EnablePathTypeValidation:         false,
 		PathAdditionalAllowedChars:       "^%$[](){}*+?|",
 		EnableUnderscoresInHeaders:       false,
 		ErrorLogLevel:                    errorLevel,
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -325,7 +325,7 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {

 	k8s.SetDefaultNGINXPathType(ing)

-	if err := utilingress.ValidateIngressPath(ing, cfg.DisablePathTypeValidation, cfg.PathAdditionalAllowedChars); err != nil {
+	if err := utilingress.ValidateIngressPath(ing, cfg.EnablePathTypeValidation, cfg.PathAdditionalAllowedChars); err != nil {
 		return fmt.Errorf("ingress contains invalid characters: %s", err)
 	}

--- a/internal/ingress/controller/controller_test.go
+++ b/internal/ingress/controller/controller_test.go
@ -203,11 +203,11 @@ func TestCheckIngress(t *testing.T) {
 	}

 	t.Run("when validating pathType", func(t *testing.T) {
-		t.Run("When ingress contains invalid path and pathType validation is not disabled", func(t *testing.T) {
+		t.Run("When ingress contains invalid path and pathType validation is enabled", func(t *testing.T) {
 			nginx.store = fakeIngressStore{
 				ingresses: []*ingress.Ingress{},
 				configuration: ngx_config.Configuration{
-					DisablePathTypeValidation: false,
+					EnablePathTypeValidation: true,
 				},
 			}
 			nginx.command = testNginxTestCommand{
@ -253,7 +253,7 @@ func TestCheckIngress(t *testing.T) {
 			nginx.store = fakeIngressStore{
 				ingresses: []*ingress.Ingress{},
 				configuration: ngx_config.Configuration{
-					DisablePathTypeValidation:  true,
+					EnablePathTypeValidation:   false,
 					PathAdditionalAllowedChars: "^%$[](){}*+?|",
 				},
 			}
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@ -846,7 +846,7 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) {
 	copyIng := &networkingv1.Ingress{}
 	ing.ObjectMeta.DeepCopyInto(&copyIng.ObjectMeta)

-	if err := ingressutils.ValidateIngressPath(ing, s.backendConfig.DisablePathTypeValidation, s.backendConfig.PathAdditionalAllowedChars); err != nil {
+	if err := ingressutils.ValidateIngressPath(ing, s.backendConfig.EnablePathTypeValidation, s.backendConfig.PathAdditionalAllowedChars); err != nil {
 		klog.Errorf("ingress %s contains invalid path and will be skipped: %s", key, err)
 		return
 	}