Implement annotation validation (#9673)

* Add validation to all annotations

* Add annotation validation for fcgi

* Fix reviews and fcgi e2e

* Add flag to disable cross namespace validation

* Add risk, flag for validation, tests

* Add missing formatting

* Enable validation by default on tests

* Test validation flag

* remove ajp from list

* Finalize validation changes

* Add validations to CI

* Update helm docs

* Fix code review

* Use a better name for annotation risk
Ricardo Katz 2023-07-22 00:32:07 -03:00 committed by GitHub
parent 86c00a2310
commit c5f348ea2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
109 changed files with 4320 additions and 586 deletions


@ -170,3 +170,15 @@ type Backend struct {
// It disables that behavior and instead uses a single upstream in NGINX, the service's Cluster IP and port.
ServiceUpstream bool `json:"service-upstream"`
}
type SecurityConfiguration struct {
// AllowCrossNamespaceResources enables users to consume cross namespace resource on annotations
// Case disabled, attempts to use secrets or configmaps from a namespace different from Ingress will
// be denied
// This valid will default to `false` on future releases
AllowCrossNamespaceResources bool `json:"allow-cross-namespace-resources"`
// AnnotationsRiskLevel represents the risk accepted on an annotation. If the risk is, for instance `Medium`, annotations
// with risk High and Critical will not be accepted
AnnotationsRiskLevel string `json:"annotations-risk-level"`
}
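Review bot: `AnnotationsRiskLevel` is a plain `string` and its comment names `Medium`, `High` and `Critical` only by way of example, so an operator reading this struct cannot tell which values are accepted or what a misspelled value does. I would list the accepted values in the field comment and state how an unrecognised value is handled; the code that parses the field is outside this hunk, so confirm that it fails closed (rejects the value or falls back to the most restrictive level) rather than accepting every annotation. On `AllowCrossNamespaceResources`, the comment `This valid will default to` should read `This value will default to`, and it only implies that the current default is the permissive one; if that is the case, a line such as `// Currently defaults to true; will default to false in a future release.` would make the exposure explicit. The exported type itself has no doc comment; something like `// SecurityConfiguration holds the settings that limit what Ingress annotations are allowed to do.` would fit.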