Adding ipdenylist annotation (#8795)

* feat: Add support for IP Deny List

* fixed gomod

* Update package

* go mod tidy

* Revert "go mod tidy"

This reverts commit e6a837e1e76d72115e8727a33d2f4c1cd7249f1f.

* update ginko version

* Updates e2e tests

* fix test typo

pkg/apis/ingress/types.go

@@ -30,6 +30,7 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
+	"k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/log"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/mirror"
@@ -222,6 +223,7 @@ type Server struct {
 // In some cases when more than one annotations is defined a particular order in the execution
 // is required.
 // The chain in the execution order of annotations should be:
+// - Denylist
 // - Whitelist
 // - RateLimit
 // - BasicDigestAuth
@@ -292,6 +294,10 @@ type Location struct {
 	// Rewrite describes the redirection this location.
 	// +optional
 	Rewrite rewrite.Config `json:"rewrite,omitempty"`
+	// Denylist indicates only connections from certain client
+	// addresses or networks are allowed.
+	// +optional
+	Denylist ipdenylist.SourceRange `json:"denylist,omitempty"`
 	// Whitelist indicates only connections from certain client
 	// addresses or networks are allowed.
 	// +optional

pkg/apis/ingress/types_equals.go

@@ -401,6 +401,9 @@ func (l1 *Location) Equal(l2 *Location) bool {
 	if !(&l1.Rewrite).Equal(&l2.Rewrite) {
 		return false
 	}
+	if !(&l1.Denylist).Equal(&l2.Denylist) {
+		return false
+	}
 	if !(&l1.Whitelist).Equal(&l2.Whitelist) {
 		return false
 	}