Deny catch-all ingress when DisableCatchAll is set

2021-04-24 11:49:45 -04:00 · 2021-04-24 11:49:45 -04:00 · 8f7fecab17
commit 8f7fecab17
parent 2503b23b09
2 changed files with 26 additions and 0 deletions
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -224,6 +224,10 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
 		return nil
 	}

+	if n.cfg.DisableCatchAll && ing.Spec.Backend != nil {
+		return fmt.Errorf("This deployment is trying to create a catch-all ingress while DisableCatchAll flag is set to true. Remove '.spec.backend' or set DisableCatchAll flag to false.")
+	}
+
 	if parser.AnnotationsPrefix != parser.DefaultAnnotationsPrefix {
 		for key := range ing.ObjectMeta.GetAnnotations() {
 			if strings.HasPrefix(key, fmt.Sprintf("%s/", parser.DefaultAnnotationsPrefix)) {
--- a/internal/ingress/controller/controller_test.go
+++ b/internal/ingress/controller/controller_test.go
@ -256,6 +256,28 @@ func TestCheckIngress(t *testing.T) {
 			}
 		})

+		t.Run("When a new catch-all ingress is being created despite catch-alls being disabled ", func(t *testing.T) {
+			nginx.command = testNginxTestCommand{
+				t:   t,
+				err: nil,
+			}
+			nginx.cfg.DisableCatchAll = true
+
+			ing.Spec.Backend = &networking.IngressBackend{
+				ServiceName: "http-svc",
+				ServicePort: intstr.IntOrString{
+					IntVal: 80,
+				},
+			}
+
+			if nginx.CheckIngress(ing) == nil {
+				t.Errorf("with a new catch-all ingress and catch-alls disable, should return error")
+			}
+
+			// set back to nil for next test
+			ing.Spec.Backend = nil
+		})
+
 		t.Run("When the ingress is in a different namespace than the watched one", func(t *testing.T) {
 			nginx.command = testNginxTestCommand{
 				t:   t,