Implement annotation validation (#9673)

* Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk
2023-07-22 00:32:07 -03:00 · 2023-07-22 00:32:07 -03:00 · c5f348ea2e
commit c5f348ea2e
parent 86c00a2310
109 changed files with 4320 additions and 586 deletions
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -548,14 +548,14 @@ http {

    {{ range $rl := (filterRateLimits $servers ) }}
    # Ratelimit {{ $rl.Name }}
-    geo $remote_addr $whitelist_{{ $rl.ID }} {
+    geo $remote_addr $allowlist_{{ $rl.ID }} {
        default 0;
-        {{ range $ip := $rl.Whitelist }}
+        {{ range $ip := $rl.Allowlist }}
        {{ $ip }} 1;{{ end }}
    }

    # Ratelimit {{ $rl.Name }}
-    map $whitelist_{{ $rl.ID }} $limit_{{ $rl.ID }} {
+    map $allowlist_{{ $rl.ID }} $limit_{{ $rl.ID }} {
        0 {{ $cfg.LimitConnZoneVariable }};
        1 "";
    }
@ -1312,8 +1312,8 @@ stream {
            {{ range $ip := $location.Denylist.CIDR }}
            deny {{ $ip }};{{ end }}
            {{ end }}
-            {{ if gt (len $location.Whitelist.CIDR) 0 }}
-            {{ range $ip := $location.Whitelist.CIDR }}
+            {{ if gt (len $location.Allowlist.CIDR) 0 }}
+            {{ range $ip := $location.Allowlist.CIDR }}
            allow {{ $ip }};{{ end }}
            deny all;
            {{ end }}