ingress-nginx-helm/internal/ingress/annotations/streamsnippet/main.go

/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package streamsnippet

import (
	networking "k8s.io/api/networking/v1"

	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
	"k8s.io/ingress-nginx/internal/ingress/resolver"
)

const (
	streamSnippetAnnotation = "stream-snippet"
)

var streamSnippetAnnotations = parser.Annotation{
	Group: "snippets",
	Annotations: parser.AnnotationFields{
		streamSnippetAnnotation: {
			Validator:     parser.ValidateNull,
			Scope:         parser.AnnotationScopeIngress,
			Risk:          parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations
			Documentation: `This annotation allows setting a custom NGINX configuration on a stream block. This annotation does not contain any validation and it's usage is not recommended!`,
		},
	},
}

type streamSnippet struct {
	r                resolver.Resolver
	annotationConfig parser.Annotation
}

// NewParser creates a new server snippet annotation parser
func NewParser(r resolver.Resolver) parser.IngressAnnotation {
	return streamSnippet{
		r:                r,
		annotationConfig: streamSnippetAnnotations,
	}
}

// Parse parses the annotations contained in the ingress rule
// used to indicate if the location/s contains a fragment of
// configuration to be included inside the paths of the rules
func (a streamSnippet) Parse(ing *networking.Ingress) (interface{}, error) {
	return parser.GetStringAnnotation("stream-snippet", ing, a.annotationConfig.Annotations)
}

func (a streamSnippet) GetDocumentation() parser.AnnotationFields {
	return a.annotationConfig.Annotations
}

func (a streamSnippet) Validate(anns map[string]string) error {
	maxrisk := parser.StringRiskToRisk(a.r.GetSecurityConfiguration().AnnotationsRiskLevel)
	return parser.CheckAnnotationRisk(anns, maxrisk, streamSnippetAnnotations.Annotations)
}
Add stream-snippet as a ConfigMap and Annotation option (#8029) * stream snippet * gofmt -s 2021-12-23 19:46:30 +00:00			`/*`
			`Copyright 2021 The Kubernetes Authors.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package streamsnippet`

			`import (`
			`networking "k8s.io/api/networking/v1"`

			`"k8s.io/ingress-nginx/internal/ingress/annotations/parser"`
			`"k8s.io/ingress-nginx/internal/ingress/resolver"`
			`)`

Implement annotation validation (#9673) * Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk 2023-07-22 03:32:07 +00:00			`const (`
			`streamSnippetAnnotation = "stream-snippet"`
			`)`

			`var streamSnippetAnnotations = parser.Annotation{`
			`Group: "snippets",`
			`Annotations: parser.AnnotationFields{`
			`streamSnippetAnnotation: {`
			`Validator: parser.ValidateNull,`
			`Scope: parser.AnnotationScopeIngress,`
Fix minor typos (#11935) 2024-09-06 14:59:43 +00:00			`Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations`
Implement annotation validation (#9673) * Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk 2023-07-22 03:32:07 +00:00			Documentation: `This annotation allows setting a custom NGINX configuration on a stream block. This annotation does not contain any validation and it's usage is not recommended!`,
			`},`
			`},`
			`}`

Add stream-snippet as a ConfigMap and Annotation option (#8029) * stream snippet * gofmt -s 2021-12-23 19:46:30 +00:00			`type streamSnippet struct {`
Implement annotation validation (#9673) * Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk 2023-07-22 03:32:07 +00:00			`r resolver.Resolver`
			`annotationConfig parser.Annotation`
Add stream-snippet as a ConfigMap and Annotation option (#8029) * stream snippet * gofmt -s 2021-12-23 19:46:30 +00:00			`}`

			`// NewParser creates a new server snippet annotation parser`
			`func NewParser(r resolver.Resolver) parser.IngressAnnotation {`
Implement annotation validation (#9673) * Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk 2023-07-22 03:32:07 +00:00			`return streamSnippet{`
			`r: r,`
			`annotationConfig: streamSnippetAnnotations,`
			`}`
Add stream-snippet as a ConfigMap and Annotation option (#8029) * stream snippet * gofmt -s 2021-12-23 19:46:30 +00:00			`}`

			`// Parse parses the annotations contained in the ingress rule`
			`// used to indicate if the location/s contains a fragment of`
			`// configuration to be included inside the paths of the rules`
			`func (a streamSnippet) Parse(ing *networking.Ingress) (interface{}, error) {`
Implement annotation validation (#9673) * Add validation to all annotations * Add annotation validation for fcgi * Fix reviews and fcgi e2e * Add flag to disable cross namespace validation * Add risk, flag for validation, tests * Add missing formating * Enable validation by default on tests * Test validation flag * remove ajp from list * Finalize validation changes * Add validations to CI * Update helm docs * Fix code review * Use a better name for annotation risk 2023-07-22 03:32:07 +00:00			`return parser.GetStringAnnotation("stream-snippet", ing, a.annotationConfig.Annotations)`
			`}`

			`func (a streamSnippet) GetDocumentation() parser.AnnotationFields {`
			`return a.annotationConfig.Annotations`
			`}`

			`func (a streamSnippet) Validate(anns map[string]string) error {`
			`maxrisk := parser.StringRiskToRisk(a.r.GetSecurityConfiguration().AnnotationsRiskLevel)`
			`return parser.CheckAnnotationRisk(anns, maxrisk, streamSnippetAnnotations.Annotations)`
Add stream-snippet as a ConfigMap and Annotation option (#8029) * stream snippet * gofmt -s 2021-12-23 19:46:30 +00:00			`}`