Validate path types (#9967)

* Validate path types * Fix the year of header * Update internal/ingress/controller/config/config.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> --------- Co-authored-by: Jintao Zhang <tao12345666333@163.com>
2023-05-20 08:58:18 -03:00 · 2023-05-20 08:58:18 -03:00 · c540b58474
commit c540b58474
parent 0dd1cf7460
7 changed files with 296 additions and 0 deletions
--- a/test/e2e/admission/admission.go
+++ b/test/e2e/admission/admission.go
@ -30,6 +30,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"k8s.io/ingress-nginx/test/e2e/framework"
+
+	networking "k8s.io/api/networking/v1"
 )

 var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller", func() {
@ -161,6 +163,41 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller",
 		assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
 	})

+	ginkgo.It("should return an error if there is an invalid path and wrong pathType is set", func() {
+		host := "path-validation"
+		var (
+			exactPathType  = networking.PathTypeExact
+			prefixPathType = networking.PathTypePrefix
+			implSpecific   = networking.PathTypeImplementationSpecific
+		)
+
+		f.UpdateNginxConfigMapData("strict-validate-path-type", "true")
+
+		invalidPath := framework.NewSingleIngress("first-ingress", "/foo/bar/[a-z]{3}", host, f.Namespace, framework.EchoService, 80, nil)
+		invalidPath.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &exactPathType
+
+		_, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), invalidPath, metav1.CreateOptions{})
+		assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid path value should return an error")
+
+		invalidPath.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &prefixPathType
+		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), invalidPath, metav1.CreateOptions{})
+		assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid path value should return an error")
+
+		annotations := map[string]string{
+			"nginx.ingress.kubernetes.io/use-regex":      "true",
+			"nginx.ingress.kubernetes.io/rewrite-target": "/new/backend",
+		}
+		pathSpecific := framework.NewSingleIngress("pathspec-ingress", "/foo/bar/[a-z]{3}", host, f.Namespace, framework.EchoService, 80, annotations)
+		pathSpecific.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &implSpecific
+		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), pathSpecific, metav1.CreateOptions{})
+		assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with arbitrary path and implSpecific value should not return an error")
+
+		validPath := framework.NewSingleIngress("second-ingress", "/bloblo", host, f.Namespace, framework.EchoService, 80, nil)
+		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), validPath, metav1.CreateOptions{})
+		assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with valid path should not return an error")
+
+	})
+
 	ginkgo.It("should not return an error if the Ingress V1 definition is valid with Ingress Class", func() {
 		out, err := createIngress(f.Namespace, validV1Ingress)
 		assert.Equal(ginkgo.GinkgoT(), "ingress.networking.k8s.io/extensions created\n", out)