Implement annotation validation (#9673)

* Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk
2023-07-22 00:32:07 -03:00 · 2023-07-22 00:32:07 -03:00 · c5f348ea2e
commit c5f348ea2e
parent 86c00a2310
109 changed files with 4320 additions and 586 deletions
--- a/internal/ingress/annotations/cors/main_test.go
+++ b/internal/ingress/annotations/cors/main_test.go
@ -75,13 +75,13 @@ func TestIngressCorsConfigValid(t *testing.T) {
 	data := map[string]string{}

 	// Valid
-	data[parser.GetAnnotationWithPrefix("enable-cors")] = "true"
-	data[parser.GetAnnotationWithPrefix("cors-allow-headers")] = "DNT,X-CustomHeader, Keep-Alive,User-Agent"
-	data[parser.GetAnnotationWithPrefix("cors-allow-credentials")] = "false"
-	data[parser.GetAnnotationWithPrefix("cors-allow-methods")] = "GET, PATCH"
-	data[parser.GetAnnotationWithPrefix("cors-allow-origin")] = "https://origin123.test.com:4443"
-	data[parser.GetAnnotationWithPrefix("cors-expose-headers")] = "*, X-CustomResponseHeader"
-	data[parser.GetAnnotationWithPrefix("cors-max-age")] = "600"
+	data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)] = "true"
+	data[parser.GetAnnotationWithPrefix(corsAllowHeadersAnnotation)] = "DNT,X-CustomHeader, Keep-Alive,User-Agent"
+	data[parser.GetAnnotationWithPrefix(corsAllowCredentialsAnnotation)] = "false"
+	data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)] = "GET, PATCH"
+	data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443"
+	data[parser.GetAnnotationWithPrefix(corsExposeHeadersAnnotation)] = "*, X-CustomResponseHeader"
+	data[parser.GetAnnotationWithPrefix(corsMaxAgeAnnotation)] = "600"
 	ing.SetAnnotations(data)

 	corst, err := NewParser(&resolver.Mock{}).Parse(ing)
@ -95,31 +95,31 @@ func TestIngressCorsConfigValid(t *testing.T) {
 	}

 	if !nginxCors.CorsEnabled {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("enable-cors")], nginxCors.CorsEnabled)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)], nginxCors.CorsEnabled)
 	}

 	if nginxCors.CorsAllowCredentials {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-credentials")], nginxCors.CorsAllowCredentials)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowCredentialsAnnotation)], nginxCors.CorsAllowCredentials)
 	}

 	if nginxCors.CorsAllowHeaders != "DNT,X-CustomHeader, Keep-Alive,User-Agent" {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-headers")], nginxCors.CorsAllowHeaders)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowHeadersAnnotation)], nginxCors.CorsAllowHeaders)
 	}

 	if nginxCors.CorsAllowMethods != "GET, PATCH" {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-methods")], nginxCors.CorsAllowMethods)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)], nginxCors.CorsAllowMethods)
 	}

 	if nginxCors.CorsAllowOrigin[0] != "https://origin123.test.com:4443" {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-origin")], nginxCors.CorsAllowOrigin)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)], nginxCors.CorsAllowOrigin)
 	}

 	if nginxCors.CorsExposeHeaders != "*, X-CustomResponseHeader" {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-expose-headers")], nginxCors.CorsExposeHeaders)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsExposeHeadersAnnotation)], nginxCors.CorsExposeHeaders)
 	}

 	if nginxCors.CorsMaxAge != 600 {
-		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-max-age")], nginxCors.CorsMaxAge)
+		t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsMaxAgeAnnotation)], nginxCors.CorsMaxAge)
 	}
 }

@ -129,13 +129,13 @@ func TestIngressCorsConfigInvalid(t *testing.T) {
 	data := map[string]string{}

 	// Valid
-	data[parser.GetAnnotationWithPrefix("enable-cors")] = "yes"
-	data[parser.GetAnnotationWithPrefix("cors-allow-headers")] = "@alright, #ingress"
-	data[parser.GetAnnotationWithPrefix("cors-allow-credentials")] = "no"
-	data[parser.GetAnnotationWithPrefix("cors-allow-methods")] = "GET, PATCH, $nginx"
-	data[parser.GetAnnotationWithPrefix("cors-allow-origin")] = "origin123.test.com:4443"
-	data[parser.GetAnnotationWithPrefix("cors-expose-headers")] = "@alright, #ingress"
-	data[parser.GetAnnotationWithPrefix("cors-max-age")] = "abcd"
+	data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)] = "yes"
+	data[parser.GetAnnotationWithPrefix(corsAllowHeadersAnnotation)] = "@alright, #ingress"
+	data[parser.GetAnnotationWithPrefix(corsAllowCredentialsAnnotation)] = "no"
+	data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)] = "GET, PATCH, $nginx"
+	data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "origin123.test.com:4443"
+	data[parser.GetAnnotationWithPrefix(corsExposeHeadersAnnotation)] = "@alright, #ingress"
+	data[parser.GetAnnotationWithPrefix(corsMaxAgeAnnotation)] = "abcd"
 	ing.SetAnnotations(data)

 	corst, err := NewParser(&resolver.Mock{}).Parse(ing)