DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix golangci-lint errors (#10196)

Browse source 
* Fix golangci-lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix dupl errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix assert in e2e test

Signed-off-by: z1cheng <imchench@gmail.com>

* Not interrupt the waitForPodsReady

Signed-off-by: z1cheng <imchench@gmail.com>

* Replace string with constant

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Revert write file permision

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>
This commit is contained in:
Chen Chen 2023-08-31 15:36:48 +08:00 committed by GitHub
parent 46d87d3462
commit b3060bfbd0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
253 changed files with 2434 additions and 2113 deletions
Download patch file Download diff file Expand all files Collapse all files

84
test/e2e/annotations/auth.go
View file

@ -36,6 +36,12 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
const (
differentHost = "different"
authHost = "auth"
authURL = "http://foo.bar.baz:5000/path"
)
var _ = framework.DescribeAnnotation("auth-*", func() {
f := framework.NewDefaultFramework("auth", framework.WithHTTPBunEnabled())
@ -44,7 +50,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 200 when no authentication is configured", func() {
host := "auth"
host := authHost
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
f.EnsureIngress(ing)
@ -63,7 +69,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 503 when authentication is configured with an invalid secret", func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
"nginx.ingress.kubernetes.io/auth-secret": "something",
@ -87,9 +93,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 401 when authentication is configured but Authorization header is not configured", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -114,9 +120,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -142,9 +148,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -170,9 +176,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It("should return status code 200 when authentication is configured and Authorization header is sent", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -191,15 +197,15 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth("foo", "bar").
WithBasicAuth(fooHost, "bar").
Expect().
Status(http.StatusOK)
})
ginkgo.It("should return status code 200 when authentication is configured with a map and Authorization header is sent", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(buildMapSecret("foo", "bar", "test", f.Namespace))
s := f.EnsureSecret(buildMapSecret(fooHost, "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
@ -219,13 +225,13 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth("foo", "bar").
WithBasicAuth(fooHost, "bar").
Expect().
Status(http.StatusOK)
})
ginkgo.It("should return status code 401 when authentication is configured with invalid content and Authorization header is sent", func() {
host := "auth"
host := authHost
s := f.EnsureSecret(
&corev1.Secret{
@ -258,13 +264,13 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithBasicAuth("foo", "bar").
WithBasicAuth(fooHost, "bar").
Expect().
Status(http.StatusUnauthorized)
})
ginkgo.It(`should set snippet "proxy_set_header My-Custom-Header 42;" when external auth is configured`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
@ -282,7 +288,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It(`should not set snippet "proxy_set_header My-Custom-Header 42;" when external auth is not configured`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-snippet": `
@ -299,7 +305,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It(`should set "proxy_set_header 'My-Custom-Header' '42';" when auth-headers are set`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
@ -320,11 +326,11 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
})
ginkgo.It(`should set cache_key when external auth cache is configured`, func() {
host := "auth"
host := authHost
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
"nginx.ingress.kubernetes.io/auth-cache-key": "foo",
"nginx.ingress.kubernetes.io/auth-cache-key": fooHost,
"nginx.ingress.kubernetes.io/auth-cache-duration": "200 202 401 30m",
}
@ -337,7 +343,6 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
func(server string) bool {
return cacheRegex.MatchString(server) &&
strings.Contains(server, `proxy_cache_valid 200 202 401 30m;`)
})
})
@ -405,7 +410,6 @@ http {
f.WaitForNginxServer(host, func(server string) bool {
return strings.Contains(server, "server_name "+host)
})
})
ginkgo.It("user retains cookie by default", func() {
@ -431,7 +435,7 @@ http {
})
ginkgo.It("user with annotated ingress retains cookie if upstream returns error status code", func() {
annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = "true"
annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = enableAnnotation
f.UpdateIngress(ing1)
f.UpdateIngress(ing2)
@ -451,7 +455,7 @@ http {
})
ginkgo.Context("when external authentication is configured", func() {
host := "auth"
host := authHost
var annotations map[string]string
var ing *networking.Ingress
@ -495,7 +499,7 @@ http {
annotations["nginx.ingress.kubernetes.io/auth-realm"] = "test auth"
f.UpdateIngress(ing)
anotherHost := "different"
anotherHost := differentHost
anotherAnnotations := map[string]string{}
anotherIng := framework.NewSingleIngress(anotherHost, "/", anotherHost, f.Namespace, framework.EchoService, 80, anotherAnnotations)
@ -544,12 +548,12 @@ http {
// Sleep a while just to guarantee that the configmap is applied
framework.Sleep()
annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
f.UpdateIngress(ing)
f.WaitForNginxServer("",
func(server string) bool {
return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
return strings.Contains(server, authURL) &&
!strings.Contains(server, `upstream auth-external-auth`)
})
})
@ -582,19 +586,19 @@ http {
// Sleep a while just to guarantee that the configmap is applied
framework.Sleep()
annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "-1"
f.UpdateIngress(ing)
f.WaitForNginxServer("",
func(server string) bool {
return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
return strings.Contains(server, authURL) &&
!strings.Contains(server, `upstream auth-external-auth`)
})
})
ginkgo.It(`should not create additional upstream block when auth-keepalive is set with HTTP/2`, func() {
annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "123"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-requests"] = "456"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-timeout"] = "789"
@ -602,7 +606,7 @@ http {
f.WaitForNginxServer("",
func(server string) bool {
return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
return strings.Contains(server, authURL) &&
!strings.Contains(server, `upstream auth-external-auth`)
})
})
@ -657,7 +661,7 @@ http {
framework.Sleep()
annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "10"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-share-vars"] = "true"
annotations["nginx.ingress.kubernetes.io/auth-keepalive-share-vars"] = enableAnnotation
f.UpdateIngress(ing)
f.WaitForNginxServer("",
@ -670,7 +674,7 @@ http {
})
ginkgo.Context("when external authentication is configured with a custom redirect param", func() {
host := "auth"
host := authHost
var annotations map[string]string
var ing *networking.Ingress
@ -715,7 +719,7 @@ http {
annotations["nginx.ingress.kubernetes.io/auth-realm"] = "test auth"
f.UpdateIngress(ing)
anotherHost := "different"
anotherHost := differentHost
anotherAnnotations := map[string]string{}
anotherIng := framework.NewSingleIngress(anotherHost, "/", anotherHost, f.Namespace, framework.EchoService, 80, anotherAnnotations)
@ -735,8 +739,8 @@ http {
})
ginkgo.Context("when external authentication with caching is configured", func() {
thisHost := "auth"
thatHost := "different"
thisHost := authHost
thatHost := differentHost
fooPath := "/foo"
barPath := "/bar"
@ -858,7 +862,7 @@ http {
})
ginkgo.Context("with invalid auth-url should deny whole location", func() {
host := "auth"
host := authHost
var annotations map[string]string
var ing *networking.Ingress
@ -898,7 +902,6 @@ http {
// Auth error
func buildSecret(username, password, name, namespace string) *corev1.Secret {
//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
encpass := fmt.Sprintf("%v:%s\n", username, out)
assert.Nil(ginkgo.GinkgoT(), err)
@ -917,7 +920,6 @@ func buildSecret(username, password, name, namespace string) *corev1.Secret {
}
func buildMapSecret(username, password, name, namespace string) *corev1.Secret {
//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
assert.Nil(ginkgo.GinkgoT(), err)
@ -928,7 +930,7 @@ func buildMapSecret(username, password, name, namespace string) *corev1.Secret {
DeletionGracePeriodSeconds: framework.NewInt64(1),
},
Data: map[string][]byte{
username: []byte(out),
username: out,
},
Type: corev1.SecretTypeOpaque,
}