Add tests to webhook
This commit is contained in:
Ricardo Pchevuzinske Katz
parent
b550d65943
commit
02a695bd62
4 changed files with 45 additions and 1 deletions
|
|
@ -305,6 +305,18 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
|
|||
|
||||
k8s.SetDefaultNGINXPathType(ing)
|
||||
|
||||
for _, rule := range ing.Spec.Rules {
|
||||
if rule.HTTP == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
for _, path := range rule.HTTP.Paths {
|
||||
if !utilingress.IsSafePath(ing, path.Path) {
|
||||
return fmt.Errorf("ingress contains invalid path: %s", path.Path)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
allIngresses := n.store.ListIngresses()
|
||||
|
||||
filter := func(toCheck *ingress.Ingress) bool {
|
||||
|
|
|
|||
|
|
@ -339,6 +339,23 @@ func TestCheckIngress(t *testing.T) {
|
|||
t.Errorf("with a new ingress without error, no error should be returned")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("When invalid path is passed to Ingress", func(t *testing.T) {
|
||||
nginx.store = fakeIngressStore{
|
||||
ingresses: []*ingress.Ingress{},
|
||||
}
|
||||
nginx.command = testNginxTestCommand{
|
||||
t: t,
|
||||
err: nil,
|
||||
}
|
||||
ing.Spec.Rules[0].HTTP.Paths = append(ing.Spec.Rules[0].HTTP.Paths, networking.HTTPIngressPath{
|
||||
Path: "/foo/bar/;xpto",
|
||||
})
|
||||
if err := nginx.CheckIngress(ing); err == nil {
|
||||
t.Errorf("with an invalid path, ingress should be rejected")
|
||||
}
|
||||
})
|
||||
|
||||
})
|
||||
|
||||
t.Run("When the ingress is marked as deleted", func(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -252,7 +252,16 @@ func BuildRedirects(servers []*ingress.Server) []*redirect {
|
|||
func IsSafePath(copyIng *networkingv1.Ingress, path string) bool {
|
||||
isRegex, _ := parser.GetBoolAnnotation("use-regex", copyIng)
|
||||
isRewrite, _ := parser.GetBoolAnnotation("rewrite-target", copyIng)
|
||||
if isRegex || isRewrite {
|
||||
isImplSpecific := false
|
||||
for _, rules := range copyIng.Spec.Rules {
|
||||
for _, paths := range rules.HTTP.Paths {
|
||||
if paths.PathType != nil && *paths.PathType == networkingv1.PathTypeImplementationSpecific {
|
||||
isImplSpecific = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
if isRegex || isRewrite || isImplSpecific {
|
||||
return pathRegexEnabled(path)
|
||||
}
|
||||
return pathAlphaNumeric(path)
|
||||
|
|
|
|||
|
|
@ -164,6 +164,12 @@ func TestIsSafePath(t *testing.T) {
|
|||
copyIng: generateDumbIngressforPathTest(false),
|
||||
path: "",
|
||||
},
|
||||
{
|
||||
name: "should accept / path",
|
||||
want: true,
|
||||
copyIng: generateDumbIngressforPathTest(false),
|
||||
path: "/",
|
||||
},
|
||||
{
|
||||
name: "should accept valid path with regex disabled",
|
||||
want: true,
|
||||
|
|
|
|||
Loading…
Reference in a new issue