From 13d95d026ad8e2d7ccfb39252e801cc4cc99f479 Mon Sep 17 00:00:00 2001
From: Simon Wessel <9195792+simon-wessel@users.noreply.github.com>
Date: Wed, 1 Nov 2023 23:09:00 +0100
Subject: [PATCH] fix: adjust unfulfillable validation check for
 session-cookie-samesite annotation (#10600)

---
 internal/ingress/annotations/sessionaffinity/main.go      | 2 +-
 internal/ingress/annotations/sessionaffinity/main_test.go | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/ingress/annotations/sessionaffinity/main.go b/internal/ingress/annotations/sessionaffinity/main.go
index cc2095de4..bee4a2094 100644
--- a/internal/ingress/annotations/sessionaffinity/main.go
+++ b/internal/ingress/annotations/sessionaffinity/main.go
@@ -129,7 +129,7 @@ var sessionAffinityAnnotations = parser.Annotation{
 			Documentation: `This annotation defines the Domain attribute of the sticky cookie.`,
 		},
 		annotationAffinityCookieSameSite: {
-			Validator: parser.ValidateOptions([]string{"None", "Lax", "Strict"}, false, true),
+			Validator: parser.ValidateOptions([]string{"none", "lax", "strict"}, false, true),
 			Scope:     parser.AnnotationScopeIngress,
 			Risk:      parser.AnnotationRiskLow,
 			Documentation: `This annotation is used to apply a SameSite attribute to the sticky cookie. 
diff --git a/internal/ingress/annotations/sessionaffinity/main_test.go b/internal/ingress/annotations/sessionaffinity/main_test.go
index cecf8cf8f..4b7ea5e61 100644
--- a/internal/ingress/annotations/sessionaffinity/main_test.go
+++ b/internal/ingress/annotations/sessionaffinity/main_test.go
@@ -79,6 +79,7 @@ func TestIngressAffinityCookieConfig(t *testing.T) {
 	data[parser.GetAnnotationWithPrefix(annotationAffinityCookieMaxAge)] = "3000"
 	data[parser.GetAnnotationWithPrefix(annotationAffinityCookiePath)] = "/foo"
 	data[parser.GetAnnotationWithPrefix(annotationAffinityCookieDomain)] = "foo.bar"
+	data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSameSite)] = "Strict"
 	data[parser.GetAnnotationWithPrefix(annotationAffinityCookieChangeOnFailure)] = "true"
 	data[parser.GetAnnotationWithPrefix(annotationAffinityCookieSecure)] = "true"
 	ing.SetAnnotations(data)
@@ -121,6 +122,10 @@ func TestIngressAffinityCookieConfig(t *testing.T) {
 		t.Errorf("expected foo.bar as session-cookie-domain but returned %v", nginxAffinity.Cookie.Domain)
 	}
 
+	if nginxAffinity.Cookie.SameSite != "Strict" {
+		t.Errorf("expected Strict as session-cookie-same-site but returned %v", nginxAffinity.Cookie.SameSite)
+	}
+
 	if !nginxAffinity.Cookie.ChangeOnFailure {
 		t.Errorf("expected change of failure parameter set to true but returned %v", nginxAffinity.Cookie.ChangeOnFailure)
 	}