Implement annotation validation (#9673)

* Add validation to all annotations

* Add annotation validation for fcgi

* Fix reviews and fcgi e2e

* Add flag to disable cross namespace validation

* Add risk, flag for validation, tests

* Add missing formating

* Enable validation by default on tests

* Test validation flag

* remove ajp from list

* Finalize validation changes

* Add validations to CI

* Update helm docs

* Fix code review

* Use a better name for annotation risk

internal/ingress/resolver/main.go

@@ -26,6 +26,9 @@ type Resolver interface {
 	// GetDefaultBackend returns the backend that must be used as default
 	GetDefaultBackend() defaults.Backend
 
+	// GetSecurityConfiguration returns the configuration options from Ingress
+	GetSecurityConfiguration() defaults.SecurityConfiguration
+
 	// GetConfigMap searches for configmap containing the namespace and name usting the character /
 	GetConfigMap(string) (*apiv1.ConfigMap, error)
 

internal/ingress/resolver/mock.go

@@ -26,7 +26,9 @@ import (
 
 // Mock implements the Resolver interface
 type Mock struct {
-	ConfigMaps map[string]*apiv1.ConfigMap
+	ConfigMaps           map[string]*apiv1.ConfigMap
+	AnnotationsRiskLevel string
+	AllowCrossNamespace  bool
 }
 
 // GetDefaultBackend returns the backend that must be used as default
@@ -34,6 +36,17 @@ func (m Mock) GetDefaultBackend() defaults.Backend {
 	return defaults.Backend{}
 }
 
+func (m Mock) GetSecurityConfiguration() defaults.SecurityConfiguration {
+	defRisk := m.AnnotationsRiskLevel
+	if defRisk == "" {
+		defRisk = "Critical"
+	}
+	return defaults.SecurityConfiguration{
+		AnnotationsRiskLevel:         defRisk,
+		AllowCrossNamespaceResources: m.AllowCrossNamespace,
+	}
+}
+
 // GetSecret searches for secrets contenating the namespace and name using a the character /
 func (m Mock) GetSecret(string) (*apiv1.Secret, error) {
 	return nil, nil