merge from master

internal/ingress/annotations/backendprotocol/main.go

@@ -27,6 +27,9 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/resolver"
 )
 
+// HTTP protocol
+const HTTP = "HTTP"
+
 var (
 	validProtocols = regexp.MustCompile(`^(HTTP|HTTPS|AJP|GRPC|GRPCS)$`)
 )
@@ -44,18 +47,18 @@ func NewParser(r resolver.Resolver) parser.IngressAnnotation {
 // rule used to indicate the backend protocol.
 func (a backendProtocol) Parse(ing *extensions.Ingress) (interface{}, error) {
 	if ing.GetAnnotations() == nil {
-		return "HTTP", nil
+		return HTTP, nil
 	}
 
 	proto, err := parser.GetStringAnnotation("backend-protocol", ing)
 	if err != nil {
-		return "HTTP", nil
+		return HTTP, nil
 	}
 
 	proto = strings.TrimSpace(strings.ToUpper(proto))
 	if !validProtocols.MatchString(proto) {
 		glog.Warningf("Protocol %v is not a valid value for the backend-protocol annotation. Using HTTP as protocol", proto)
-		return "HTTP", nil
+		return HTTP, nil
 	}
 
 	return proto, nil

internal/ingress/annotations/luarestywaf/main.go

@@ -31,10 +31,13 @@ var luaRestyWAFModes = map[string]bool{"ACTIVE": true, "INACTIVE": true, "SIMULA
 
 // Config returns lua-resty-waf configuration for an Ingress rule
 type Config struct {
-	Mode               string   `json:"mode"`
-	Debug              bool     `json:"debug"`
-	IgnoredRuleSets    []string `json:"ignored-rulesets"`
-	ExtraRulesetString string   `json:"extra-ruleset-string"`
+	Mode                     string   `json:"mode"`
+	Debug                    bool     `json:"debug"`
+	IgnoredRuleSets          []string `json:"ignored-rulesets"`
+	ExtraRulesetString       string   `json:"extra-ruleset-string"`
+	ScoreThreshold           int      `json:"score-threshold"`
+	AllowUnknownContentTypes bool     `json:"allow-unknown-content-types"`
+	ProcessMultipartBody     bool     `json:"process-multipart-body"`
 }
 
 // Equal tests for equality between two Config types
@@ -57,6 +60,15 @@ func (e1 *Config) Equal(e2 *Config) bool {
 	if e1.ExtraRulesetString != e2.ExtraRulesetString {
 		return false
 	}
+	if e1.ScoreThreshold != e2.ScoreThreshold {
+		return false
+	}
+	if e1.AllowUnknownContentTypes != e2.AllowUnknownContentTypes {
+		return false
+	}
+	if e1.ProcessMultipartBody != e2.ProcessMultipartBody {
+		return false
+	}
 
 	return true
 }
@@ -95,10 +107,22 @@ func (a luarestywaf) Parse(ing *extensions.Ingress) (interface{}, error) {
 	// TODO(elvinefendi) maybe validate the ruleset string here
 	extraRulesetString, _ := parser.GetStringAnnotation("lua-resty-waf-extra-rules", ing)
 
+	scoreThreshold, _ := parser.GetIntAnnotation("lua-resty-waf-score-threshold", ing)
+
+	allowUnknownContentTypes, _ := parser.GetBoolAnnotation("lua-resty-waf-allow-unknown-content-types", ing)
+
+	processMultipartBody, err := parser.GetBoolAnnotation("lua-resty-waf-process-multipart-body", ing)
+	if err != nil {
+		processMultipartBody = true
+	}
+
 	return &Config{
-		Mode:               mode,
-		Debug:              debug,
-		IgnoredRuleSets:    ignoredRuleSets,
-		ExtraRulesetString: extraRulesetString,
+		Mode:                     mode,
+		Debug:                    debug,
+		IgnoredRuleSets:          ignoredRuleSets,
+		ExtraRulesetString:       extraRulesetString,
+		ScoreThreshold:           scoreThreshold,
+		AllowUnknownContentTypes: allowUnknownContentTypes,
+		ProcessMultipartBody:     processMultipartBody,
 	}, nil
 }

internal/ingress/annotations/luarestywaf/main_test.go

@@ -30,6 +30,9 @@ func TestParse(t *testing.T) {
 	luaRestyWAFAnnotation := parser.GetAnnotationWithPrefix("lua-resty-waf")
 	luaRestyWAFDebugAnnotation := parser.GetAnnotationWithPrefix("lua-resty-waf-debug")
 	luaRestyWAFIgnoredRuleSetsAnnotation := parser.GetAnnotationWithPrefix("lua-resty-waf-ignore-rulesets")
+	luaRestyWAFScoreThresholdAnnotation := parser.GetAnnotationWithPrefix("lua-resty-waf-score-threshold")
+	luaRestyWAFAllowUnknownContentTypesAnnotation := parser.GetAnnotationWithPrefix("lua-resty-waf-allow-unknown-content-types")
+	luaRestyWAFProcessMultipartBody := parser.GetAnnotationWithPrefix("lua-resty-waf-process-multipart-body")
 
 	ap := NewParser(&resolver.Mock{})
 	if ap == nil {
@@ -43,21 +46,25 @@ func TestParse(t *testing.T) {
 		{nil, &Config{}},
 		{map[string]string{}, &Config{}},
 
-		{map[string]string{luaRestyWAFAnnotation: "active"}, &Config{Mode: "ACTIVE", Debug: false, IgnoredRuleSets: []string{}}},
+		{map[string]string{luaRestyWAFAnnotation: "active"}, &Config{Mode: "ACTIVE", Debug: false, IgnoredRuleSets: []string{}, ProcessMultipartBody: true}},
 		{map[string]string{luaRestyWAFDebugAnnotation: "true"}, &Config{Debug: false}},
 
-		{map[string]string{luaRestyWAFAnnotation: "active", luaRestyWAFDebugAnnotation: "true"}, &Config{Mode: "ACTIVE", Debug: true, IgnoredRuleSets: []string{}}},
-		{map[string]string{luaRestyWAFAnnotation: "active", luaRestyWAFDebugAnnotation: "false"}, &Config{Mode: "ACTIVE", Debug: false, IgnoredRuleSets: []string{}}},
-		{map[string]string{luaRestyWAFAnnotation: "inactive", luaRestyWAFDebugAnnotation: "true"}, &Config{Mode: "INACTIVE", Debug: true, IgnoredRuleSets: []string{}}},
+		{map[string]string{luaRestyWAFAnnotation: "active", luaRestyWAFDebugAnnotation: "true"}, &Config{Mode: "ACTIVE", Debug: true, IgnoredRuleSets: []string{}, ProcessMultipartBody: true}},
+		{map[string]string{luaRestyWAFAnnotation: "active", luaRestyWAFDebugAnnotation: "false"}, &Config{Mode: "ACTIVE", Debug: false, IgnoredRuleSets: []string{}, ProcessMultipartBody: true}},
+		{map[string]string{luaRestyWAFAnnotation: "inactive", luaRestyWAFDebugAnnotation: "true"}, &Config{Mode: "INACTIVE", Debug: true, IgnoredRuleSets: []string{}, ProcessMultipartBody: true}},
 
 		{map[string]string{
-			luaRestyWAFAnnotation:                "active",
-			luaRestyWAFDebugAnnotation:           "true",
-			luaRestyWAFIgnoredRuleSetsAnnotation: "ruleset1, ruleset2 ruleset3,   another.ruleset"},
-			&Config{Mode: "ACTIVE", Debug: true, IgnoredRuleSets: []string{"ruleset1", "ruleset2", "ruleset3", "another.ruleset"}}},
+			luaRestyWAFAnnotation:                         "active",
+			luaRestyWAFDebugAnnotation:                    "true",
+			luaRestyWAFIgnoredRuleSetsAnnotation:          "ruleset1, ruleset2 ruleset3,   another.ruleset",
+			luaRestyWAFScoreThresholdAnnotation:           "10",
+			luaRestyWAFAllowUnknownContentTypesAnnotation: "true"},
+			&Config{Mode: "ACTIVE", Debug: true, IgnoredRuleSets: []string{"ruleset1", "ruleset2", "ruleset3", "another.ruleset"}, ScoreThreshold: 10, AllowUnknownContentTypes: true, ProcessMultipartBody: true}},
 
-		{map[string]string{luaRestyWAFAnnotation: "siMulate", luaRestyWAFDebugAnnotation: "true"}, &Config{Mode: "SIMULATE", Debug: true, IgnoredRuleSets: []string{}}},
+		{map[string]string{luaRestyWAFAnnotation: "siMulate", luaRestyWAFDebugAnnotation: "true"}, &Config{Mode: "SIMULATE", Debug: true, IgnoredRuleSets: []string{}, ProcessMultipartBody: true}},
 		{map[string]string{luaRestyWAFAnnotation: "siMulateX", luaRestyWAFDebugAnnotation: "true"}, &Config{Debug: false}},
+
+		{map[string]string{luaRestyWAFAnnotation: "active", luaRestyWAFProcessMultipartBody: "false"}, &Config{Mode: "ACTIVE", ProcessMultipartBody: false, IgnoredRuleSets: []string{}}},
 	}
 
 	ing := &extensions.Ingress{

internal/ingress/annotations/rewrite/main.go

@@ -39,7 +39,7 @@ type Config struct {
 	// AppRoot defines the Application Root that the Controller must redirect if it's in '/' context
 	AppRoot string `json:"appRoot"`
 	// UseRegex indicates whether or not the locations use regex paths
-	UseRegex bool `json:useRegex`
+	UseRegex bool `json:"useRegex"`
 }
 
 // Equal tests for equality between two Redirect types

internal/ingress/annotations/rewrite/main_test.go

@@ -191,7 +191,7 @@ func TestUseRegex(t *testing.T) {
 	if !ok {
 		t.Errorf("expected a App Context")
 	}
-	if redirect.UseRegex != true {
+	if !redirect.UseRegex {
 		t.Errorf("Unexpected value got in UseRegex")
 	}
 }