enforce ^~ location modifier when rewrite-target annotation is set
parent
aff61dc2dc
commit
0e6f0bb88d
3 changed files with 37 additions and 5 deletions
|
@ -155,6 +155,7 @@ var (
|
|||
"buildOpentracing": buildOpentracing,
|
||||
"proxySetHeader": proxySetHeader,
|
||||
"buildInfluxDB": buildInfluxDB,
|
||||
"atLeastOneNeedsRewrite": atLeastOneNeedsRewrite,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -287,9 +288,32 @@ func buildResolvers(res interface{}, disableIpv6 interface{}) string {
|
|||
return strings.Join(r, " ") + ";"
|
||||
}
|
||||
|
||||
func needsRewrite(location *ingress.Location) bool {
|
||||
if len(location.Rewrite.Target) > 0 && location.Rewrite.Target != location.Path {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// atLeastOneNeedsRewrite checks if the nginx.ingress.kubernetes.io/rewrite-target annotation is used on the '/' path
|
||||
func atLeastOneNeedsRewrite(input interface{}) bool {
|
||||
locations, ok := input.([]*ingress.Location)
|
||||
if !ok {
|
||||
glog.Errorf("expected an '[]*ingress.Location' type but %T was returned", input)
|
||||
return false
|
||||
}
|
||||
|
||||
for _, location := range locations {
|
||||
if needsRewrite(location) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// buildLocation produces the location string, if the ingress has redirects
|
||||
// (specified through the nginx.ingress.kubernetes.io/rewrite-target annotation)
|
||||
func buildLocation(input interface{}) string {
|
||||
func buildLocation(input interface{}, rewrite bool) string {
|
||||
location, ok := input.(*ingress.Location)
|
||||
if !ok {
|
||||
glog.Errorf("expected an '*ingress.Location' type but %T was returned", input)
|
||||
|
@ -297,7 +321,7 @@ func buildLocation(input interface{}) string {
|
|||
}
|
||||
|
||||
path := location.Path
|
||||
if len(location.Rewrite.Target) > 0 && location.Rewrite.Target != path {
|
||||
if needsRewrite(location) {
|
||||
if path == slash {
|
||||
return fmt.Sprintf("~* %s", path)
|
||||
}
|
||||
|
@ -310,6 +334,12 @@ func buildLocation(input interface{}) string {
|
|||
return fmt.Sprintf(`~* ^%s%s`, path, baseuri)
|
||||
}
|
||||
|
||||
if rewrite == true {
|
||||
if path == slash {
|
||||
return path
|
||||
}
|
||||
return fmt.Sprintf(`^~ %s`, path)
|
||||
}
|
||||
return path
|
||||
}
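Review bot: The `^~ %s` branch near the end of buildLocation emits a case-sensitive prefix location, while the rewrite branches above it emit case-insensitive regexes (`~* ^%s%s`), so a request whose path differs only in letter case will not match the prefix and can still fall through to a sibling regex location. If per-location settings such as the whitelist are expected to follow the path, that difference deserves a comment on the branch and a test, for example `// ^~ stops regex evaluation only when this prefix matches; prefix matching is case-sensitive, the rewrite regexes are not`. Separately, `if rewrite == true {` reads better as `if rewrite {`, and the comment on atLeastOneNeedsRewrite says it checks the '/' path although the loop returns true for any location that needs a rewrite. Parts of buildLocation lie between the hunks and are not visible here.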
|
||||
|
||||
|
|
|
@ -382,7 +382,7 @@ func TestBuildLocation(t *testing.T) {
|
|||
Rewrite: rewrite.Config{Target: tc.Target, AddBaseURL: tc.AddBaseURL},
|
||||
}
|
||||
|
||||
newLoc := buildLocation(loc)
|
||||
newLoc := buildLocation(loc, tc.Path != tc.Target)
|
||||
if tc.Location != newLoc {
|
||||
t.Errorf("%s: expected '%v' but returned %v", k, tc.Location, newLoc)
|
||||
}
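Review bot: Passing `tc.Path != tc.Target` as the flag means a case with an empty Target and a non-root Path always runs with rewrite set to true, so the ordinary input of a server with no rewrite at all (flag false) is only covered when a case happens to have Path equal to Target. An explicit boolean column in the test table would let each case state the server-wide flag independently of its own path and target. No test for atLeastOneNeedsRewrite is visible in this section; a small table test for the wrong-type, empty-slice and one-rewriting-location inputs would pin its behaviour. The body of TestBuildLocation starts and ends outside the hunk.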
|
||||
|
|
|
@ -452,8 +452,9 @@ http {
|
|||
|
||||
{{/* build the maps that will be use to validate the Whitelist */}}
|
||||
{{ range $server := $servers }}
|
||||
{{ $usesRewrite := atLeastOneNeedsRewrite $server.Locations }}
|
||||
{{ range $location := $server.Locations }}
|
||||
{{ $path := buildLocation $location }}
|
||||
{{ $path := buildLocation $location $usesRewrite }}
|
||||
|
||||
{{ if isLocationAllowed $location }}
|
||||
{{ if gt (len $location.Whitelist.CIDR) 0 }}
|
||||
|
@ -818,8 +819,9 @@ stream {
|
|||
{{ $server.ServerSnippet }}
|
||||
{{ end }}
|
||||
|
||||
{{ $usesRewrite := atLeastOneNeedsRewrite $server.Locations }}
|
||||
{{ range $location := $server.Locations }}
|
||||
{{ $path := buildLocation $location }}
|
||||
{{ $path := buildLocation $location $usesRewrite }}
|
||||
{{ $proxySetHeader := proxySetHeader $location }}
|
||||
{{ $authPath := buildAuthLocation $location }}
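Review bot: Neither hunk explains why `$usesRewrite` is computed once per server and handed to every buildLocation call. A short template comment above each assignment would help, such as `{{/* if any location of this server is rendered as a regex, the remaining prefix locations get ^~ so the regex cannot take precedence over them */}}`. Both range blocks continue outside the hunks shown.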
|
||||
|
||||
|
|