DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use whitelist-source-range from configmap when no annotation on ingress.

Browse source 
Even though we were returning a SourceRange it was being ignored because
we were also returning an error. Detect the case (and add tests) when
the annotation is not present and use the BackendConfig in that case.

Fixes #473.
This commit is contained in:
Ash Berlin 2017-03-28 19:20:49 +01:00
parent 0aaffc964b
commit 6ac7a12a60
2 changed files with 94 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/pkg/ingress/annotations/ipwhitelist/main.go
View file

@ -56,8 +56,9 @@ func (a ipwhitelist) Parse(ing *extensions.Ingress) (interface{}, error) {
sort.Strings(defBackend.WhitelistSourceRange) sort.Strings(defBackend.WhitelistSourceRange)
val, err := parser.GetStringAnnotation(whitelist, ing) val, err := parser.GetStringAnnotation(whitelist, ing)
if err != nil { // A missing annotation is not a problem, just use the default
return &SourceRange{CIDR: defBackend.WhitelistSourceRange}, err if err == ing_errors.ErrMissingAnnotations {
return &SourceRange{CIDR: defBackend.WhitelistSourceRange}, nil
} }
values := strings.Split(val, ",") values := strings.Split(val, ",")

96
core/pkg/ingress/annotations/ipwhitelist/main_test.go
View file

@ -25,6 +25,7 @@ import (
"k8s.io/kubernetes/pkg/util/intstr" "k8s.io/kubernetes/pkg/util/intstr"
"k8s.io/ingress/core/pkg/ingress/defaults" "k8s.io/ingress/core/pkg/ingress/defaults"
"k8s.io/ingress/core/pkg/ingress/errors"
) )
func buildIngress() *extensions.Ingress { func buildIngress() *extensions.Ingress {
@ -63,10 +64,11 @@ func buildIngress() *extensions.Ingress {
} }
type mockBackend struct { type mockBackend struct {
defaults.Backend
} }
func (m mockBackend) GetDefaultBackend() defaults.Backend { func (m mockBackend) GetDefaultBackend() defaults.Backend {
return defaults.Backend{} return m.Backend
} }
func TestParseAnnotations(t *testing.T) { func TestParseAnnotations(t *testing.T) {
@ -105,16 +107,21 @@ func TestParseAnnotations(t *testing.T) {
t.Errorf("expected error parsing an invalid cidr") t.Errorf("expected error parsing an invalid cidr")
} }
if !errors.IsLocationDenied(err) {
t.Errorf("expected LocationDenied error: %+v", err)
}
delete(data, whitelist) delete(data, whitelist)
ing.SetAnnotations(data)
i, err = p.Parse(ing) i, err = p.Parse(ing)
if err != nil {
t.Errorf("unexpected error when no annotation present: %v", err)
}
sr, ok = i.(*SourceRange) sr, ok = i.(*SourceRange)
if !ok { if !ok {
t.Errorf("expected a SourceRange type") t.Errorf("expected a SourceRange type")
} }
if err == nil {
t.Errorf("expected error parsing an invalid cidr")
}
if !strsEquals(sr.CIDR, []string{}) { if !strsEquals(sr.CIDR, []string{}) {
t.Errorf("expected empty CIDR but %v returned", sr.CIDR) t.Errorf("expected empty CIDR but %v returned", sr.CIDR)
} }
@ -140,6 +147,85 @@ func TestParseAnnotations(t *testing.T) {
} }
} }
// Test that when we have a whitelist set on the Backend that is used when we
// don't have the annotation
func TestParseAnnotationsWithDefaultConfig(t *testing.T) {
// TODO: convert test cases to tables
ing := buildIngress()
mockBackend := mockBackend{}
mockBackend.Backend.WhitelistSourceRange = []string{"4.4.4.0/24", "1.2.3.4/32"}
testNet := "10.0.0.0/24"
enet := []string{testNet}
data := map[string]string{}
data[whitelist] = testNet
ing.SetAnnotations(data)
expected := &SourceRange{
CIDR: enet,
}
p := NewParser(mockBackend)
i, err := p.Parse(ing)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
sr, ok := i.(*SourceRange)
if !ok {
t.Errorf("expected a SourceRange type")
}
if !reflect.DeepEqual(sr, expected) {
t.Errorf("expected %v but returned %s", sr, expected)
}
data[whitelist] = "www"
_, err = p.Parse(ing)
if err == nil {
t.Errorf("expected error parsing an invalid cidr")
}
if !errors.IsLocationDenied(err) {
t.Errorf("expected LocationDenied error: %+v", err)
}
delete(data, whitelist)
i, err = p.Parse(ing)
if err != nil {
t.Errorf("unexpected error when no annotation present: %v", err)
}
sr, ok = i.(*SourceRange)
if !ok {
t.Errorf("expected a SourceRange type")
}
if !strsEquals(sr.CIDR, mockBackend.WhitelistSourceRange) {
t.Errorf("expected fallback CIDR but %v returned", sr.CIDR)
}
i, _ = p.Parse(&extensions.Ingress{})
sr, ok = i.(*SourceRange)
if !ok {
t.Errorf("expected a SourceRange type")
}
if !strsEquals(sr.CIDR, mockBackend.WhitelistSourceRange) {
t.Errorf("expected fallback CIDR but %v returned", sr.CIDR)
}
data[whitelist] = "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24"
i, _ = p.Parse(ing)
sr, ok = i.(*SourceRange)
if !ok {
t.Errorf("expected a SourceRange type")
}
ecidr := []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}
if !strsEquals(sr.CIDR, ecidr) {
t.Errorf("Expected %v CIDR but %v returned", ecidr, sr.CIDR)
}
}
func strsEquals(a, b []string) bool { func strsEquals(a, b []string) bool {
if len(a) != len(b) { if len(a) != len(b) {
return false return false