DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement annotation validation (#9673)

Browse source 
* Add validation to all annotations

* Add annotation validation for fcgi

* Fix reviews and fcgi e2e

* Add flag to disable cross namespace validation

* Add risk, flag for validation, tests

* Add missing formating

* Enable validation by default on tests

* Test validation flag

* remove ajp from list

* Finalize validation changes

* Add validations to CI

* Update helm docs

* Fix code review

* Use a better name for annotation risk
This commit is contained in:
Ricardo Katz 2023-07-22 00:32:07 -03:00 committed by GitHub
parent 86c00a2310
commit c5f348ea2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
109 changed files with 4320 additions and 586 deletions
Download patch file Download diff file Expand all files Collapse all files

4
test/e2e/annotations/fastcgi.go
View file

@ -75,7 +75,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - FastCGI", func() {
Namespace: f.Namespace,
},
Data: map[string]string{
"SCRIPT_FILENAME": "/home/www/scripts/php$fastcgi_script_name",
"SCRIPT_FILENAME": "$fastcgi_script_name",
"REDIRECT_STATUS": "200",
},
}
@ -94,7 +94,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - FastCGI", func() {
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "fastcgi_param SCRIPT_FILENAME \"/home/www/scripts/php$fastcgi_script_name\";") &&
return strings.Contains(server, "fastcgi_param SCRIPT_FILENAME \"$fastcgi_script_name\";") &&
strings.Contains(server, "fastcgi_param REDIRECT_STATUS \"200\";")
})
})

10
test/e2e/annotations/ipwhitelist.go → test/e2e/annotations/ipallowlist.go
View file

@ -24,19 +24,19 @@ import (
"k8s.io/ingress-nginx/test/e2e/framework"
)
var _ = framework.DescribeAnnotation("whitelist-source-range", func() {
f := framework.NewDefaultFramework("ipwhitelist")
var _ = framework.DescribeAnnotation("allowlist-source-range", func() {
f := framework.NewDefaultFramework("ipallowlist")
ginkgo.BeforeEach(func() {
f.NewEchoDeployment()
})
ginkgo.It("should set valid ip whitelist range", func() {
host := "ipwhitelist.foo.com"
ginkgo.It("should set valid ip allowlist range", func() {
host := "ipallowlist.foo.com"
nameSpace := f.Namespace
annotations := map[string]string{
"nginx.ingress.kubernetes.io/whitelist-source-range": "18.0.0.0/8, 56.0.0.0/8",
"nginx.ingress.kubernetes.io/allowlist-source-range": "18.0.0.0/8, 56.0.0.0/8",
}
ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)