Added Global External Authentication settings to configmap parameters incl. addons

internal/ingress/annotations/authreq/main.go

@@ -17,6 +17,7 @@ limitations under the License.
 package authreq
 
 import (
+	"fmt"
 	"net/url"
 	"regexp"
 	"strings"
@@ -84,7 +85,8 @@ var (
 	headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`)
 )
 
-func validMethod(method string) bool {
+// ValidMethod checks is the provided string a valid HTTP method
+func ValidMethod(method string) bool {
 	if len(method) == 0 {
 		return false
 	}
@@ -97,7 +99,8 @@ func validMethod(method string) bool {
 	return false
 }
 
-func validHeader(header string) bool {
+// ValidHeader checks is the provided string satisfies the header's name regex
+func ValidHeader(header string) bool {
 	return headerRegexp.Match([]byte(header))
 }
 
@@ -119,22 +122,13 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 		return nil, err
 	}
 
-	authURL, err := url.Parse(urlString)
-	if err != nil {
-		return nil, err
-	}
-	if authURL.Scheme == "" {
-		return nil, ing_errors.NewLocationDenied("url scheme is empty")
-	}
-	if authURL.Host == "" {
-		return nil, ing_errors.NewLocationDenied("url host is empty")
-	}
-	if strings.Contains(authURL.Host, "..") {
-		return nil, ing_errors.NewLocationDenied("invalid url host")
+	authURL, message := ParseStringToURL(urlString)
+	if authURL == nil {
+		return nil, ing_errors.NewLocationDenied(message)
 	}
 
 	authMethod, _ := parser.GetStringAnnotation("auth-method", ing)
-	if len(authMethod) != 0 && !validMethod(authMethod) {
+	if len(authMethod) != 0 && !ValidMethod(authMethod) {
 		return nil, ing_errors.NewLocationDenied("invalid HTTP method")
 	}
 
@@ -156,7 +150,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 		for _, header := range harr {
 			header = strings.TrimSpace(header)
 			if len(header) > 0 {
-				if !validHeader(header) {
+				if !ValidHeader(header) {
 					return nil, ing_errors.NewLocationDenied("invalid headers list")
 				}
 				responseHeaders = append(responseHeaders, header)
@@ -176,3 +170,22 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 		AuthSnippet:     authSnippet,
 	}, nil
 }
+
+// ParseStringToURL parses the provided string into URL and returns error
+// message in case of failure
+func ParseStringToURL(input string) (*url.URL, string) {
+
+	parsedURL, err := url.Parse(input)
+	if err != nil {
+		return nil, fmt.Sprintf("%v is not a valid URL: %v", input, err)
+	}
+	if parsedURL.Scheme == "" {
+		return nil, "url scheme is empty."
+	} else if parsedURL.Host == "" {
+		return nil, "url host is empty."
+	} else if strings.Contains(parsedURL.Host, "..") {
+		return nil, "invalid url host."
+	}
+	return parsedURL, ""
+
+}

internal/ingress/annotations/authreq/main_test.go

@@ -18,6 +18,7 @@ package authreq
 
 import (
 	"fmt"
+	"net/url"
 	"reflect"
 	"testing"
 
@@ -178,3 +179,38 @@ func TestHeaderAnnotations(t *testing.T) {
 		}
 	}
 }
+
+func TestParseStringToURL(t *testing.T) {
+	validURL := "http://bar.foo.com/external-auth"
+	validParsedURL, _ := url.Parse(validURL)
+
+	tests := []struct {
+		title   string
+		url     string
+		message string
+		parsed  *url.URL
+		expErr  bool
+	}{
+		{"empty", "", "url scheme is empty.", nil, true},
+		{"no scheme", "bar", "url scheme is empty.", nil, true},
+		{"invalid host", "http://", "url host is empty.", nil, true},
+		{"invalid host (multiple dots)", "http://foo..bar.com", "invalid url host.", nil, true},
+		{"valid URL", validURL, "", validParsedURL, false},
+	}
+
+	for _, test := range tests {
+
+		i, err := ParseStringToURL(test.url)
+		if test.expErr {
+			if err != test.message {
+				t.Errorf("%v: expected error \"%v\" but \"%v\" was returned", test.title, test.message, err)
+			}
+			continue
+		}
+
+		if i.String() != test.parsed.String() {
+			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.parsed, i)
+		}
+	}
+
+}