ingress-nginx-helm/cmd/plugin/lints/ingress.go

/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package lints

import (
	"fmt"
	"strings"

	"k8s.io/api/extensions/v1beta1"
	kmeta "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/ingress-nginx/cmd/plugin/util"
)

// IngressLint is a validation for an ingress
type IngressLint struct {
	message string
	issue   int
	version string
	f       func(ing v1beta1.Ingress) bool
}

// Check returns true if the lint detects an issue
func (lint IngressLint) Check(obj kmeta.Object) bool {
	ing := obj.(*v1beta1.Ingress)
	return lint.f(*ing)
}

// Message is a description of the lint
func (lint IngressLint) Message() string {
	return lint.message
}

// Link is a URL to the issue or PR explaining the lint
func (lint IngressLint) Link() string {
	if lint.issue > 0 {
		return fmt.Sprintf("%v%v", util.IssuePrefix, lint.issue)
	}

	return ""
}

// Version is the ingress-nginx version the lint was added for, or the empty string
func (lint IngressLint) Version() string {
	return lint.version
}

// GetIngressLints retuns all of the lints for ingresses
func GetIngressLints() []IngressLint {
	return []IngressLint{
		removedAnnotation("add-base-url", 3174, "0.22.0"),
		removedAnnotation("base-url-scheme", 3174, "0.22.0"),
		removedAnnotation("session-cookie-hash", 3743, "0.24.0"),
		{
			message: "The rewrite-target annotation value does not reference a capture group",
			issue:   3174,
			version: "0.22.0",
			f:       rewriteTargetWithoutCaptureGroup,
		},
		{
			message: "Contains an annotation with the prefix 'nginx.org'. This is a prefix for https://github.com/nginxinc/kubernetes-ingress",
			f:       annotationPrefixIsNginxOrg,
		},
		{
			message: "Contains an annotation with the prefix 'nginx.com'. This is a prefix for https://github.com/nginxinc/kubernetes-ingress",
			f:       annotationPrefixIsNginxCom,
		},
		{
			message: "The x-forwarded-prefix annotation value is a boolean instead of a string",
			issue:   3786,
			version: "0.24.0",
			f:       xForwardedPrefixIsBool,
		},
	}
}

func xForwardedPrefixIsBool(ing v1beta1.Ingress) bool {
	for name, val := range ing.Annotations {
		if strings.HasSuffix(name, "/x-forwarded-prefix") && (val == "true" || val == "false") {
			return true
		}
	}
	return false
}

func annotationPrefixIsNginxCom(ing v1beta1.Ingress) bool {
	for name := range ing.Annotations {
		if strings.HasPrefix(name, "nginx.com/") {
			return true
		}
	}
	return false
}

func annotationPrefixIsNginxOrg(ing v1beta1.Ingress) bool {
	for name := range ing.Annotations {
		if strings.HasPrefix(name, "nginx.org/") {
			return true
		}
	}
	return false
}

func rewriteTargetWithoutCaptureGroup(ing v1beta1.Ingress) bool {
	for name, val := range ing.Annotations {
		if strings.HasSuffix(name, "/rewrite-target") && !strings.Contains(val, "$1") {
			return true
		}
	}
	return false
}

func removedAnnotation(annotationName string, issueNumber int, version string) IngressLint {
	return IngressLint{
		message: fmt.Sprintf("Contains the removed %v annotation.", annotationName),
		issue:   issueNumber,
		version: version,
		f: func(ing v1beta1.Ingress) bool {
			for annotation := range ing.Annotations {
				if strings.HasSuffix(annotation, "/"+annotationName) {
					return true
				}
			}
			return false
		},
	}
}