diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index 765443471..45d68c0eb 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -81,7 +81,7 @@ type Ingress struct { CustomHTTPErrors []int DefaultBackend *apiv1.Service //TODO: Change this back into an error when https://github.com/imdario/mergo/issues/100 is resolved - Denied string + Denied *string ExternalAuth authreq.Config HTTP2PushPreload bool Proxy proxy.Config @@ -183,7 +183,8 @@ func (e Extractor) Extract(ing *extensions.Ingress) *Ingress { _, alreadyDenied := data[DeniedKeyName] if !alreadyDenied { - data[DeniedKeyName] = err.Error() + errString := err.Error() + data[DeniedKeyName] = &errString klog.Errorf("error reading %v annotation in Ingress %v/%v: %v", name, ing.GetNamespace(), ing.GetName(), err) continue } diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index d04ff7ed7..427a9a1c8 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -611,7 +611,7 @@ func isLocationAllowed(input interface{}) bool { return false } - return loc.Denied == "" + return loc.Denied == nil } var ( diff --git a/internal/ingress/controller/template/template_test.go b/internal/ingress/controller/template/template_test.go index 5bfd21409..0338e78d6 100644 --- a/internal/ingress/controller/template/template_test.go +++ b/internal/ingress/controller/template/template_test.go @@ -468,7 +468,7 @@ func TestIsLocationAllowed(t *testing.T) { } loc := ingress.Location{ - Denied: "", + Denied: nil, } isAllowed := isLocationAllowed(&loc) diff --git a/internal/ingress/types.go b/internal/ingress/types.go index 7872c0c57..14108b840 100644 --- a/internal/ingress/types.go +++ b/internal/ingress/types.go @@ -239,7 +239,7 @@ type Location struct { BasicDigestAuth auth.Config `json:"basicDigestAuth,omitempty"` // Denied returns an error when this location cannot not be allowed // Requesting a denied location should return HTTP code 403. - Denied string `json:"denied,omitempty"` + Denied *string `json:"denied,omitempty"` // CorsConfig returns the Cors Configuration for the ingress rule // +optional CorsConfig cors.Config `json:"corsConfig,omitempty"`