Create custom annotation for satisfy "value"

2019-02-11 16:34:55 -05:00 · 2019-02-11 16:34:55 -05:00 · ec04852526
commit ec04852526
parent 784d57ea69
9 changed files with 249 additions and 0 deletions
--- a/internal/ingress/annotations/annotations.go
+++ b/internal/ingress/annotations/annotations.go
@ -49,6 +49,7 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/redirect"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/rewrite"
+	"k8s.io/ingress-nginx/internal/ingress/annotations/satisfy"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/secureupstream"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/serversnippet"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/serviceupstream"
@ -86,6 +87,7 @@ type Ingress struct {
 	RateLimit            ratelimit.Config
 	Redirect             redirect.Config
 	Rewrite              rewrite.Config
+	Satisfy              string
 	SecureUpstream       secureupstream.Config
 	ServerSnippet        string
 	ServiceUpstream      bool
@ -129,6 +131,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
 			"RateLimit":            ratelimit.NewParser(cfg),
 			"Redirect":             redirect.NewParser(cfg),
 			"Rewrite":              rewrite.NewParser(cfg),
+			"Satisfy":              satisfy.NewParser(cfg),
 			"SecureUpstream":       secureupstream.NewParser(cfg),
 			"ServerSnippet":        serversnippet.NewParser(cfg),
 			"ServiceUpstream":      serviceupstream.NewParser(cfg),
--- a/internal/ingress/annotations/satisfy/main.go
+++ b/internal/ingress/annotations/satisfy/main.go
@ -0,0 +1,43 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package satisfy
+
+import (
+	extensions "k8s.io/api/extensions/v1beta1"
+
+	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
+	"k8s.io/ingress-nginx/internal/ingress/resolver"
+)
+
+type satisfy struct {
+	r resolver.Resolver
+}
+
+// NewParser creates a new SATISFY annotation parser
+func NewParser(r resolver.Resolver) parser.IngressAnnotation {
+	return satisfy{r}
+}
+
+// Parse parses annotation contained in the ingress
+func (s satisfy) Parse(ing *extensions.Ingress) (interface{}, error) {
+	satisfy, err := parser.GetStringAnnotation("satisfy", ing)
+	if err != nil || satisfy != "any" {
+		satisfy = "all"
+	}
+
+	return satisfy, nil
+}
--- a/internal/ingress/annotations/satisfy/main_test.go
+++ b/internal/ingress/annotations/satisfy/main_test.go
@ -0,0 +1,95 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package satisfy
+
+import (
+	"testing"
+
+	api "k8s.io/api/core/v1"
+	extensions "k8s.io/api/extensions/v1beta1"
+	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
+	"k8s.io/ingress-nginx/internal/ingress/resolver"
+)
+
+func buildIngress() *extensions.Ingress {
+	defaultBackend := extensions.IngressBackend{
+		ServiceName: "default-backend",
+		ServicePort: intstr.FromInt(80),
+	}
+
+	return &extensions.Ingress{
+		ObjectMeta: meta_v1.ObjectMeta{
+			Name:      "fake",
+			Namespace: api.NamespaceDefault,
+		},
+		Spec: extensions.IngressSpec{
+			Backend: &extensions.IngressBackend{
+				ServiceName: "default-backend",
+				ServicePort: intstr.FromInt(80),
+			},
+			Rules: []extensions.IngressRule{
+				{
+					Host: "fake.host.com",
+					IngressRuleValue: extensions.IngressRuleValue{
+						HTTP: &extensions.HTTPIngressRuleValue{
+							Paths: []extensions.HTTPIngressPath{
+								{
+									Path:    "/fake",
+									Backend: defaultBackend,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func TestSatisfyParser(t *testing.T) {
+	ing := buildIngress()
+
+	data := map[string]string{
+		"any":     "any",
+		"all":     "all",
+		"invalid": "all",
+	}
+
+	annotations := map[string]string{}
+
+	for input, expected := range data {
+		annotations[parser.GetAnnotationWithPrefix("satisfy")] = input
+		ing.SetAnnotations(annotations)
+
+		satisfyt, err := NewParser(&resolver.Mock{}).Parse(ing)
+		if err != nil {
+			t.Errorf("error parsing annotations: %v", err)
+		}
+
+		val, ok := satisfyt.(string)
+		if !ok {
+			t.Errorf("expected a string type but return %t", satisfyt)
+		}
+
+		if val != expected {
+			t.Errorf("expected %v but returned %v", expected, val)
+		}
+	}
+}
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -484,6 +484,7 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in
 						loc.BackendProtocol = anns.BackendProtocol
 						loc.CustomHTTPErrors = anns.CustomHTTPErrors
 						loc.ModSecurity = anns.ModSecurity
+						loc.Satisfy = anns.Satisfy

 						if loc.Redirect.FromToWWW {
 							server.RedirectFromToWWW = true
@ -526,6 +527,7 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in
 						BackendProtocol:      anns.BackendProtocol,
 						CustomHTTPErrors:     anns.CustomHTTPErrors,
 						ModSecurity:          anns.ModSecurity,
+						Satisfy:              anns.Satisfy,
 					}

 					if loc.Redirect.FromToWWW {
--- a/internal/ingress/types.go
+++ b/internal/ingress/types.go
@ -308,6 +308,8 @@ type Location struct {
 	// ModSecurity allows to enable and configure modsecurity
 	// +optional
 	ModSecurity modsecurity.Config `json:"modsecurity"`
+	// Satisfy dictates allow access if any or all is set
+	Satisfy string `json:"satisfy"`
 }

 // SSLPassthroughBackend describes a SSL upstream server configured
--- a/internal/ingress/types_equals.go
+++ b/internal/ingress/types_equals.go
@ -469,6 +469,10 @@ func (l1 *Location) Equal(l2 *Location) bool {
 		return false
 	}

+	if l1.Satisfy != l2.Satisfy {
+		return false
+	}
+
 	return true
 }