DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adding the ability to use incomplete host names (non-FQDN) in 'auth-url' annotation.

Browse source
This commit is contained in:
Sergey Kudriavtsev 2018-03-27 15:53:46 +03:00
parent 935a5ef2c8
commit 8f3eae699d
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
internal/ingress/annotations/authreq/main.go
View file

@ -17,6 +17,7 @@ limitations under the License.
package authreq
import (
"net"
"net/url"
"regexp"
"strings"
@ -135,6 +136,18 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
return nil, ing_errors.NewLocationDenied("invalid url host")
}
// The hostname can be partial, retrieving FQDN.
fqdn, err := net.LookupCNAME(authUrl.Hostname())
if err == nil {
fqdn = strings.TrimRight(fqdn, ".")
if port := authUrl.Port(); port != "" {
authUrl.Host = net.JoinHostPort(fqdn, port)
} else {
authUrl.Host = fqdn
}
urlString = authUrl.String()
}
authMethod, _ := parser.GetStringAnnotation("auth-method", ing)
if len(authMethod) != 0 && !validMethod(authMethod) {
return nil, ing_errors.NewLocationDenied("invalid HTTP method")